CVE-2018-25169
Denial of Service in AMPPS 2.7 via Malformed HTTP Requests
Publication date: 2026-03-06
Last updated on: 2026-03-06
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ampps | ampps | to 2.7 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1188 | The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2018-25169 is a denial of service vulnerability in AMPPS version 2.7 and earlier. It allows remote attackers to crash the AMPPS service by establishing multiple socket connections to the default HTTP port and sending malformed or invalid data. This causes the server to exhaust its resources, leading to service unavailability or a crash.
The vulnerability arises from improper initialization of a resource with an insecure default, making it easily exploitable without requiring any privileges or user interaction.
How can this vulnerability impact me? :
This vulnerability can impact you by causing the AMPPS service to become unavailable or crash due to resource exhaustion. Attackers can remotely exploit this flaw by sending malformed data through multiple socket connections, which can disrupt your web service or applications running on AMPPS.
Since the attack requires no privileges or user interaction, it can be easily executed remotely, potentially leading to denial of service and loss of availability of your server.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for unusual or excessive TCP connections to the default HTTP port (port 80) on systems running AMPPS 2.7 or earlier. Specifically, detection involves identifying multiple socket connections sending malformed or invalid payloads that may exhaust server resources.'}, {'type': 'paragraph', 'content': 'A practical approach to detection is to use network monitoring tools or commands to observe the number of connections and the nature of the traffic on port 80.'}, {'type': 'list_item', 'content': "Use netstat to check for many established connections on port 80: `netstat -an | grep ':80' | grep ESTABLISHED`"}, {'type': 'list_item', 'content': 'Use tcpdump or Wireshark to capture and analyze traffic on port 80 for malformed or suspicious payloads.'}, {'type': 'list_item', 'content': 'On Linux, use `ss -s` to get socket statistics and look for unusually high socket usage.'}, {'type': 'list_item', 'content': 'Monitor server resource usage (CPU, memory) for spikes that correlate with high numbers of connections to port 80.'}] [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include limiting or blocking suspicious traffic to the default HTTP port (port 80) on systems running AMPPS 2.7 or earlier to prevent resource exhaustion.
You can implement firewall rules to restrict the number of simultaneous connections from a single IP address or block malformed payloads if possible.
- Use firewall tools (e.g., iptables, Windows Firewall) to limit the number of concurrent connections to port 80.
- Temporarily disable or restrict access to the AMPPS HTTP service if it is not critical.
- Monitor and kill suspicious processes or connections that appear to be exploiting the vulnerability.
Ultimately, upgrading AMPPS to a version that patches this vulnerability or applying vendor-provided patches is recommended once available.