header-logo
Suggest Exploit
vendor:
WhatsUp Small Business 2004
by:
SecurityFocus
7.5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: WhatsUp Small Business 2004
Affected Version From: 2004
Affected Version To: 2004
Patch Exists: YES
Related CWE: CVE-2004-0753
CPE: a:ipswitch:whatsup_small_business_2004
Metasploit: https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2004-0753/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2004

IPSwitch WhatsUp Small Business 2004 Directory Traversal Vulnerability

IPSwitch WhatsUp Small Business 2004 is prone to a directory traversal vulnerability. This vulnerability allows a remote attacker to gain access to files outside the Web root by sending a specially crafted HTTP request to the server. An example of such a request is http://[address of server]:8022/../../../../../../../../../../../boot.ini.

Mitigation:

Upgrade to the latest version of IPSwitch WhatsUp Small Business 2004.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15291/info

IPSwitch WhatsUp Small Business 2004 is prone to a directory traversal vulnerability. Successful exploitation could allow a remote attacker to gain access to files outside the Web root. Sensitive information may be obtained in this manner. 

http://[address of server]:8022/../../../../../../../../../../../boot.ini

Navigation

Suggest Exploit

Services By CQR