VID | 22371 |
Severity | 30 |
Port | 80, ... |
Protocol | TCP |
Class | WWW |
Detailed Description |
The WhatsUp Gold Web server is affected by multiple vulnerabilities. Ipswitch WhatsUp Gold is a network management and monitoring tool for Microsoft Windows platforms. WhatsUp Gold Premium versions 8.03 and 8.04 are affected by the following:
1) An Information Disclosure Vulnerability: A remote attacker could use uppercase extensions, such as map.ASP, to view the source code of .asp scripts on the Web server.
2) A Cross-Site Scripting Vulnerability: Input passed to the "map" parameter in the "map.asp" script isn't properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
* References:
http://www.cirt.dk/advisories/cirt-34-advisory.pdf
http://www.cirt.dk/advisories/cirt-35-advisory.pdf
http://secunia.com/advisories/16792/
* Platforms Affected: Ipswitch WhatsUp Gold versions 8.03 and 8.04; Microsoft Windows, any version |
Recommendation |
No upgrade or patch available as of September 2005.
Upgrade to the latest version of WhatsUp Gold when a fixed version becomes available from the WhatsUp Gold Web site at http://www.Ipswitch.com/products/whatsup/index.html |
Related URL |
(CVE) |
Related URL | 14797,14799 (SecurityFocus) |
Related URL | 22224,22226 (ISS) |