CVE-2018-25169

AMPPS 2.7 contains a denial of service vulnerability that allows remote attackers to crash the service by sending malformed data to the default HTTP port. Attackers can establish multiple socket connections and transmit invalid payloads to exhaust server resources and cause service unavailability.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.exploit-db.com/exploits/45850
https://www.vulncheck.com/advisories/ampps-denial-of-service-via-malformed-socket-connection

Configurations

No configuration.

History

15 Apr 2026, 14:53

Type	Values Removed	Values Added
Summary		(es) AMPPS 2.7 contiene una vulnerabilidad de denegación de servicio que permite a atacantes remotos colapsar el servicio enviando datos malformados al puerto HTTP predeterminado. Los atacantes pueden establecer múltiples conexiones de socket y transmitir cargas útiles no válidas para agotar los recursos del servidor y causar la indisponibilidad del servicio.

06 Mar 2026, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-06 13:15

Updated : 2026-04-15 14:53

NVD link : CVE-2018-25169

Mitre link : CVE-2018-25169

CVE.ORG link : CVE-2018-25169

JSON object : View

Products Affected

No product.

CWE

CWE-1188

Insecure Default Initialization of Resource

{"id": "CVE-2018-25169", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-06T13:15:58.057", "references": [{"url": "https://www.exploit-db.com/exploits/45850", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/ampps-denial-of-service-via-malformed-socket-connection", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-1188"}]}], "descriptions": [{"lang": "en", "value": "AMPPS 2.7 contains a denial of service vulnerability that allows remote attackers to crash the service by sending malformed data to the default HTTP port. Attackers can establish multiple socket connections and transmit invalid payloads to exhaust server resources and cause service unavailability."}, {"lang": "es", "value": "AMPPS 2.7 contiene una vulnerabilidad de denegaci\u00f3n de servicio que permite a atacantes remotos colapsar el servicio enviando datos malformados al puerto HTTP predeterminado. Los atacantes pueden establecer m\u00faltiples conexiones de socket y transmitir cargas \u00fatiles no v\u00e1lidas para agotar los recursos del servidor y causar la indisponibilidad del servicio."}], "lastModified": "2026-04-15T14:53:58.147", "sourceIdentifier": "disclosure@vulncheck.com"}