Ipswitch WhatsUp Professional multiple flaws

2006.05.17
Credit: David Maciejak (david maciejak gmail com)
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2006-2357 | CVE-2006-2356 | CVE-2006-2353 | CVE-2006-2351
CWE: N/A

WhatsUp is a tool from Ipswitch to monitor application and network, embedding a custom web server on port 8022. Description: This custom web server is prone to multiple flaws. -as authenticated user: *src disclosure http://server:8022/NmConsole/Login.asp. *there are many XSS flaws, as http://server:8022/NmConsole/Navigation.asp?sDeviceView=<SCRIPT>alert("m e");</SCRIPT>&nDeviceID=<SCRIPT>alert("me");</SCRIPT> http://server:8022/NmConsole/ToolResults.asp?bIsIE=true&nToolType=0&sHos tname=%3cscript%3ealert('me')%3c/script%3e&nTimeout=2000&nCount=1&nSize= 32&btnPing=Ping *redirection http://server:8022/NmConsole/DeviceSelection.asp?sRedirectUrl=Reports/De vicePassiveMonitorSyslog.asp&sCancelURL=http://www.google.fr -not being authenticated: *src disclosure http://server:8022/NmConsole/Login.asp. *network nodes information disclosure (name, internal addr, service) http://server:8022/NmConsole/utility/RenderMap.asp?nDeviceGroupID=0 The weaknesses have been confirmed in version 2006, source disclosure in version 2005 and 2005 SP1 too. Other versions may also be affected. No response from vendor. Solution: -Filtered TCP port 8022, ask a patch from vendor if you are a registered user -Keep an eye on an opensource project: http://gnms.rubyforge.org David Maciejak


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top