Check Point Advisories

Ipswitch WhatsUp Web Interface SQL Injection (CVE-2005-1250)

Check Point Reference: CPAI-2005-259
Date Published: 30 Sep 2009
Severity: Medium
Last Updated: Wednesday 30 September, 2009
Source:
Industry Reference:CVE-2005-1250
Protection Provided by:

Security Gateway
R81, R80, R77, R75

Who is Vulnerable?

Vulnerability Description

WhatsUp Professional 2005 is a network monitoring and resource management solution. WhatsUp Professional uses a relational database to store information about user accounts and the network devices monitored by the application. The relational databases supported by WhatsUp Professional are Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), which is bundled with WhatsUp Professional 2005 and used by default, and Microsoft SQL Server 2000. There exists a SQL injection vulnerability in Ipswitch WhatsUp Professional. The flaw is caused by insufficient validation of user-supplied data submitted to the product's Web interface. The vulnerability can allow an attacker to execute arbitrary SQL statements in the WhatsUp database. The behaviour of the target system depends on the intent of the malicious SQL statements that are submitted. The most likely scenario would be an attempt to alter password values in the database so as to allow an attacker to subsequently log in as an administrative user.
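The root cause described above is user-supplied text reaching the database as part of the SQL statement rather than as a bound value. The following example is added here to illustrate that distinction and is not Ipswitch's code: it uses an in-memory SQLite database as a stand-in for the product's MSDE/SQL Server store, and the table name, column names, sample rows and crafted input are all constructed assumptions for illustration, not WhatsUp's schema. It places the vulnerable string-concatenation pattern beside the parameterized form and an allowlist check on the input, so the effect of the same input on each can be compared.

```python
import re
import sqlite3


def build_sample_db() -> sqlite3.Connection:
    """Constructed sample database; schema and rows are assumptions, not the product's."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, is_admin INTEGER)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("admin", "constructed-admin-pw", 1), ("operator", "constructed-op-pw", 0)],
    )
    conn.commit()
    return conn


def lookup_user_unsafe(conn: sqlite3.Connection, username: str) -> list:
    """Vulnerable pattern: the submitted value is spliced into the SQL text,
    so quote characters in it change the structure of the statement."""
    query = "SELECT username, is_admin FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def lookup_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """Hardened pattern: the value travels as a bound parameter and is only
    ever compared as data, never parsed as SQL."""
    query = "SELECT username, is_admin FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


# Defence in depth: an allowlist for the field's expected shape (assumed policy).
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,64}")


def is_well_formed_username(username: str) -> bool:
    """True only when the whole string matches the allowed character set."""
    return USERNAME_RE.fullmatch(username) is not None


def demo() -> dict:
    """Run both lookups with a benign name and a constructed crafted input."""
    conn = build_sample_db()
    benign = "operator"
    # Constructed input: closes the string literal and appends an always-true clause.
    crafted = "nobody' OR '1'='1"
    return {
        "unsafe_benign": lookup_user_unsafe(conn, benign),
        "unsafe_crafted": lookup_user_unsafe(conn, crafted),  # every row comes back
        "safe_benign": lookup_user_safe(conn, benign),
        "safe_crafted": lookup_user_safe(conn, crafted),      # no such user: empty
        "benign_well_formed": is_well_formed_username(benign),
        "crafted_well_formed": is_well_formed_username(crafted),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The parameterized query is the actual fix; the allowlist check is a second layer that rejects the malformed value before it reaches the database at all, which is also the kind of request shape a gateway-side signature such as the one this advisory describes is looking for.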

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

  1. In the IPS tab, click Protections and find the Ipswitch WhatsUp Web Interface SQL Injection protection using the Search tool and Edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  Application Servers Protection Violation.
Attack Information:  Ipswitch WhatsUp web interface SQL injection
