Vulnerability Description
security/xamppsecurity.php in XAMPP 1.6.8 performs an extract operation on the SERVER superglobal array, which allows remote attackers to spoof critical variables, as demonstrated by setting the REMOTE_ADDR variable to 127.0.0.1.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apachefriends | Xampp | 1.6.8 |
Related Weaknesses (CWE)
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47202
- https://www.exploit-db.com/exploits/7384
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47202
- https://www.exploit-db.com/exploits/7384
FAQ
What is CVE-2008-6499?
CVE-2008-6499 is a vulnerability with a CVSS score of 5.5 (MEDIUM). security/xamppsecurity.php in XAMPP 1.6.8 performs an extract operation on the SERVER superglobal array, which allows remote attackers to spoof critical variables, as demonstrated by setting the REMOT...
How severe is CVE-2008-6499?
CVE-2008-6499 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-6499?
Check the references section above for vendor advisories and patch information. Affected products include: Apachefriends Xampp.