CVE-2024-5055
📋 TL;DR
This vulnerability allows attackers to crash XAMPP servers on Windows by sending many incomplete HTTP requests, causing uncontrolled resource consumption. It affects XAMPP installations on Windows, particularly those exposed to untrusted networks. System administrators running vulnerable XAMPP versions are at risk of service disruption.
💻 Affected Systems
- XAMPP for Windows
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete denial of service causing XAMPP and potentially the entire Windows system to crash, requiring manual intervention to restore service.
Likely Case
XAMPP service becomes unresponsive or crashes, disrupting hosted applications and requiring service restart.
If Mitigated
Minimal impact with proper network segmentation and monitoring; service may experience temporary performance degradation.
🎯 Exploit Status
Exploitation requires sending many incomplete HTTP requests, which is trivial to automate. No authentication required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 7.3.3 or later
Vendor Advisory: https://www.apachefriends.org/blog/
Restart Required: Yes
Instructions:
1. Download the latest XAMPP version from apachefriends.org.
2. Stop all XAMPP services.
3. Run the installer and choose the upgrade option.
4. Restart the XAMPP services.
🔧 Temporary Workarounds
Rate Limiting via Firewall
Windows: Windows Firewall (netsh) cannot rate-limit connections per source. The rule below blocks all inbound TCP connections to the XAMPP ports from any address, which stops the flood of incomplete HTTP requests at the cost of taking the service offline; genuine per-source rate limiting needs a reverse proxy or WAF in front of Apache.
netsh advfirewall firewall add rule name="XAMPP Rate Limit" dir=in action=block remoteip=any protocol=TCP localport=80,443,8080,8443 profile=any enable=yes
Network Segmentation
Windows: Restrict access to XAMPP services to trusted networks only. Windows Firewall evaluates block rules before allow rules, so a blanket block rule for remoteip=any would also cut off the trusted ranges; instead add the scoped allow rule, set the default inbound policy to block, and remove any existing broad allow rule for Apache httpd.
netsh advfirewall firewall add rule name="XAMPP Internal Only" dir=in action=allow remoteip=192.168.0.0/24,10.0.0.0/8,172.16.0.0/12 protocol=TCP localport=80,443,8080,8443 profile=any enable=yes
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound
🧯 If You Can't Patch
- Implement network-level rate limiting using firewall rules or WAF
- Monitor XAMPP service health and set up automated restart scripts for crash recovery
🔍 How to Verify
Check if Vulnerable:
Check the XAMPP control panel or read xampp-control.ini for the version number. If the version is 7.3.2 or earlier, the system is vulnerable.
Check Version:
type "C:\xampp\xampp-control.ini" | findstr "Version"
Verify Fix Applied:
After upgrading, verify that the version shown in the XAMPP control panel is 7.3.3 or later. Test with simulated incomplete HTTP requests using tools like curl or custom scripts.
📡 Detection & Monitoring
Log Indicators:
- Multiple incomplete HTTP requests in Apache logs
- XAMPP service crash events in Windows Event Log
- High CPU/memory usage by Apache process
Network Indicators:
- Unusual volume of incomplete HTTP requests to XAMPP ports
- Multiple TCP SYN packets without complete handshakes
SIEM Query:
source="apache_access.log" | where http_status="-" | stats count by src_ip | where count > 100
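As an added example (not part of this advisory), the same threshold rule as the SIEM query above applied offline to Apache combined-format access log lines in Python. The sample lines are constructed; the check also counts status 408, since Apache logs 408 Request Timeout when it gives up waiting for the rest of a request.

```python
import re
from collections import Counter

# Apache "combined" log format: ip ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}|-) (?P<size>\d+|-)'
)

# A request that never completed is logged either with no status ("-", as in
# the SIEM query) or as 408 once Apache times out waiting for the headers.
INCOMPLETE_STATUSES = {"-", "408"}

# Constructed sample log lines (not real traffic): one client that opened many
# connections and never finished its request headers, and one ordinary browser.
SAMPLE_LOG = (
    ['203.0.113.7 - - [10/Jun/2024:12:00:%02d +0000] "-" 408 - "-" "-"' % (i % 60)
     for i in range(120)]
    + ['198.51.100.2 - - [10/Jun/2024:12:00:05 +0000] "GET /dashboard/ HTTP/1.1" 200 7410 "-" "Mozilla/5.0"']
    + ['198.51.100.2 - - [10/Jun/2024:12:00:09 +0000] "-" 408 - "-" "-"']
)


def parse_line(line):
    """Return the parsed fields of one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def incomplete_by_source(lines):
    """Count incomplete requests (no status, 408, or empty request line) per client IP."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["status"] in INCOMPLETE_STATUSES or rec["request"] in ("", "-"):
            counts[rec["ip"]] += 1
    return counts


def flag_sources(lines, threshold=100):
    """IPs with more than `threshold` incomplete requests, the same rule as the SIEM query."""
    return sorted(ip for ip, n in incomplete_by_source(lines).items() if n > threshold)


if __name__ == "__main__":
    for ip in flag_sources(SAMPLE_LOG):
        print("suspicious source:", ip, incomplete_by_source(SAMPLE_LOG)[ip])
```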