Check Point Advisories

Update Protection against Ipswitch WhatsUp Professional 2006 Multiple Vulnerabilities

Check Point Reference: CPAI-2006-058
Date Published: 6 Jun 2006
Severity: Medium
Last Updated: Monday 07 May, 2007
Source: Full-disclosure
SecuriTeam
Industry Reference:CVE-2006-2353
CVE-2006-2357
Protection Provided by:
Who is Vulnerable? WhatsUp Professional 2006
Vulnerability Description WhatsUp is a tool from Ipswitch that monitors application and network. WhatsUp runs a custom web server for the application Web interface on port 8022. Multiple flaws have been identified in the server including XSS vulnerabilities, page redirection via cross site scripting and header spoofing attacks.
Vulnerability Details

The server suffers from several flaws, including:

  • Source disclosure in several pages
  • Disclosure of network nodes information (name, internal addr, service)
  • XSS vulnerabilities
  • Page redirection via cross-site-scripting

    For more information, see SecuriTeam Advisory.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK