Sign-up

ID

VAR-200602-0436


CVE

CVE-2006-0911


TITLE

Ipswitch WhatsUp Professional 2006 Remote Denial Of Service Vulnerability

Trust: 0.9

sources: BID: 16771 // CNNVD: CNNVD-200602-421

DESCRIPTION

NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote attackers to cause a denial of service (CPU consumption) via crafted requests to Login.asp, possibly involving the (1) "In]" and (2) "b;tnLogIn" parameters, or (3) malformed btnLogIn parameters, possibly involving missing "[" (open bracket) or "[" (closing bracket) characters, as demonstrated by "&btnLogIn=[Log&In]=&" or "&b;tnLogIn=[Log&In]=&" in the URL. NOTE: due to the lack of diagnosis by the original researcher, the precise nature of the vulnerability is unclear. Ipswitch WhatsUp Professional 2006 is susceptible to a remote denial-of-service vulnerability. This issue is due to the application's failure to properly handle certain HTTP GET requests. This issue allows remote attackers to consume excessive CPU resources on targeted computers, denying service to legitimate users. Whatsup Professional software is a tool developed by Ipswitch to monitor the network status of TCP/IP, NetBEUI and IPX. Remote attackers may use this vulnerability to perform denial of service attacks on server programs. If the user visits a specially crafted URL request, it may cause NmService to use 100\\% of CPU resources, resulting in a denial of service

Trust: 1.26

sources: NVD: CVE-2006-0911 // BID: 16771 // VULHUB: VHN-17019

AFFECTED PRODUCTS

vendor:ipswitchmodel:whatsupscope:eqversion:professional_2006

Trust: 1.6

vendor:ipswitchmodel:whatsup professionalscope:eqversion:20060

Trust: 0.3

sources: BID: 16771 // CNNVD: CNNVD-200602-421 // NVD: CVE-2006-0911

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-0911
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200602-421
value: MEDIUM

Trust: 0.6

VULHUB: VHN-17019
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-0911
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-17019
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-17019 // CNNVD: CNNVD-200602-421 // NVD: CVE-2006-0911

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.1

sources: VULHUB: VHN-17019 // NVD: CVE-2006-0911

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200602-421

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-200602-421

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-17019

EXTERNAL IDS
db:BIDid:16771
Trust: 2.0
db:OSVDBid:23494
Trust: 1.7
db:SREASONid:472
Trust: 1.7
db:VUPENid:ADV-2006-0704
Trust: 1.7
db:NVDid:CVE-2006-0911
Trust: 1.7
db:CNNVDid:CNNVD-200602-421
Trust: 0.7
db:XFid:24864
Trust: 0.6
db:BUGTRAQid:20060222 IPSWITCH WHATSUP PROFESSIONAL 2006 DOS
Trust: 0.6
db:SEEBUGid:SSVID-80875
Trust: 0.1
db:EXPLOIT-DBid:27258
Trust: 0.1
db:VULHUBid:VHN-17019
Trust: 0.1
sources:
            
            
            VULHUB: VHN-17019 // 
            
            
            
            BID: 16771 // 
            
            
            
            CNNVD: CNNVD-200602-421 // 
            
            
            
            NVD: CVE-2006-0911

REFERENCES
url:http://www.securityfocus.com/bid/16771
Trust: 1.7
url:http://zur.homelinux.com/advisories/ipswitch_dos.txt
Trust: 1.7
url:http://www.osvdb.org/23494
Trust: 1.7
url:http://securityreason.com/securityalert/472
Trust: 1.7
url:http://www.securityfocus.com/archive/1/425780/100/0/threaded
Trust: 1.1
url:http://www.vupen.com/english/advisories/2006/0704
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/24864
Trust: 1.1
url:http://xforce.iss.net/xforce/xfdb/24864
Trust: 0.6
url:http://www.securityfocus.com/archive/1/archive/1/425780/100/0/threaded
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2006/0704
Trust: 0.6
url:http://www.ipswitch.com/products/network-management.asp
Trust: 0.3
url:/archive/1/425780
Trust: 0.3
sources:
            
            
            VULHUB: VHN-17019 // 
            
            
            
            BID: 16771 // 
            
            
            
            CNNVD: CNNVD-200602-421 // 
            
            
            
            NVD: CVE-2006-0911

CREDITS
Josh Zlatin jzlatin@ramat.cc
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200602-421

SOURCES
db:VULHUBid:VHN-17019
db:BIDid:16771
db:CNNVDid:CNNVD-200602-421
db:NVDid:CVE-2006-0911

LAST UPDATE DATE
2024-08-14T14:42:06.364000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-17019date:2018-10-18T00:00:00
db:BIDid:16771date:2006-02-23T18:47:00
db:CNNVDid:CNNVD-200602-421date:2006-04-26T00:00:00
db:NVDid:CVE-2006-0911date:2018-10-18T16:29:42.603

SOURCES RELEASE DATE
db:VULHUBid:VHN-17019date:2006-02-28T00:00:00
db:BIDid:16771date:2006-02-22T00:00:00
db:CNNVDid:CNNVD-200602-421date:2006-02-28T00:00:00
db:NVDid:CVE-2006-0911date:2006-02-28T11:02:00