| VID |
21706 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The WhatsUp Gold Web server has the '_maincfgret.cgi' CGI file installed. Ipswitch WhatsUp Gold is a network management and monitoring tool for Microsoft Windows platforms. WhatsUp Gold version 8.03 and earlier are vulnerable to a remote buffer overflow in _maincfgret.cgi. By posting a specially crafted long string in the instancename parameter of _maincfgret.cgi, a remote attacker could execute arbitrary code on the affected computer with the privileges of the user that started the vulnerable application.
* Note: This check only tests for the existence of the '_maincfgret.cgi' CGI file and does not verify the installed version, so a finding may be a false positive.
* References: http://www.idefense.com/application/poi/display?id=142&type=vulnerabilities , http://www.packetstormsecurity.org/0408-advisories/08.25.04.txt
* Platforms Affected: Ipswitch WhatsUp Gold version 8.03 and earlier; Microsoft Windows, any version |
| Recommendation |
Upgrade to the latest version of WhatsUp Gold (8.03 Hotfix 1 or later), available from the WhatsUp Gold Web site at http://www.whatsupgold.com/ |
| Related URL |
CVE-2004-0798 (CVE) |
| Related URL |
11043 (SecurityFocus) |
| Related URL |
17111 (ISS) |
|