Vulnerability of uncontrolled resource consumption in XAMPP

Posted date 17/05/2024
4 - High
Affected Resources

XAMPP, version 7.3.2.


INCIBE has coordinated the publication of a high-severity vulnerability affecting version 7.3.2 of XAMPP, a free and open source cross-platform web server solution package developed by Apache Friends. The vulnerability was discovered by Rafael Pedrero.

This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector and CWE vulnerability type:

  • CVE-2024-5055: 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | CWE-400

There is no reported solution at this time.


CVE-2024-5055: uncontrolled resource consumption vulnerability in XAMPP Windows, versions 7.3.2 and earlier. This vulnerability exists when XAMPP attempts to process many incomplete HTTP requests, resulting in resource consumption and system crashes.
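
A defender's log check for the condition described above, added here as an example and not part of the INCIBE advisory or of XAMPP. It assumes the Apache HTTP Server bundled with XAMPP writes Combined Log Format and that requests which time out before completing are logged with status 408 and an empty request line ("-"), as happens when request timeouts are enforced; the function name, threshold, window and sample log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined Log Format prefix: client, identity, user, [timestamp], "request", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) ')


def flag_incomplete_request_floods(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {client_ip: peak_count} for clients whose timed-out requests
    (status 408, empty request line) reach `threshold` inside `window`.
    Assumes the log lines are in chronological order."""
    recent = defaultdict(deque)   # client -> timestamps of recent 408s
    flagged = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue              # skip lines that are not access-log entries
        client, stamp, request, status = m.groups()
        if status != "408" or request != "-":
            continue              # only requests that never completed
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        seen = recent[client]
        seen.append(when)
        while when - seen[0] > window:
            seen.popleft()        # drop timeouts older than the window
        if len(seen) >= threshold:
            flagged[client] = max(flagged.get(client, 0), len(seen))
    return flagged


def constructed_sample():
    """Constructed access-log lines: one client with six timeouts in ten
    seconds, one ordinary client with a single timeout."""
    lines = [
        f'203.0.113.7 - - [17/May/2024:10:00:{s:02d} +0000] "-" 408 - "-" "-"'
        for s in range(0, 12, 2)
    ]
    lines.append('198.51.100.4 - - [17/May/2024:10:00:03 +0000] '
                 '"GET /dashboard/ HTTP/1.1" 200 7576 "-" "Mozilla/5.0"')
    lines.append('198.51.100.4 - - [17/May/2024:10:00:30 +0000] "-" 408 - "-" "-"')
    return lines


if __name__ == "__main__":
    for client, count in flag_incomplete_request_floods(constructed_sample()).items():
        print(f"{client}: {count} incomplete requests within the window")
```

A burst of flagged clients alongside exhausted worker slots is the signal to investigate; isolated 408 entries from slow or dropped clients are normal and stay below the threshold.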
