VID | 22412
Severity | 40
Port | 8022, ...
Protocol | TCP
Class | WWW
Detailed Description |
Ipswitch WhatsUp Professional is used to monitor the state of applications, services and hosts. Ipswitch WhatsUp Professional 2006 contains multiple input-validation vulnerabilities, including remote file-include, information-disclosure, source-code disclosure, cross-site scripting, and other input-validation issues. Successful exploitation of these vulnerabilities could allow an attacker to access or modify data, steal cookie-based authentication credentials, enumerate usernames, access sensitive information, and gain unauthorized access to script source code. Other attacks are also possible.
* References:
  http://www.securityfocus.com/archive/1/433808/30/0/threaded
  http://www.frsirt.com/english/advisories/2006/1787
  http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045977.html
  http://secunia.com/advisories/20075/
* Platforms Affected: Ipswitch WhatsUp Professional 2006 (any version); Microsoft Windows (any version) |
Recommendation |
No upgrade or patch was available as of May 2006.
Upgrade to a fixed version of Ipswitch WhatsUp Professional when one becomes available from the Ipswitch Products Download Web site at http://www.ipswitch.com/downloads/updates.asp
As a workaround, restrict access to port 8022/tcp and disable the "Enable web server on port [port]" setting if it is enabled. |
Related URL | CVE-2006-2351, CVE-2006-2352, CVE-2006-2353, CVE-2006-2354, CVE-2006-2355, CVE-2006-2356, CVE-2006-2357 (CVE)
Related URL | 17964 (SecurityFocus)
Related URL | 26500, 26501, 26502, 26503, 26504, 26505, 26506 (ISS)