ID

VAR-200602-0436


CVE

CVE-2006-0911


TITLE

Ipswitch WhatsUp Professional 2006 Remote Denial Of Service Vulnerability

Trust: 0.9

sources: BID: 16771 // CNNVD: CNNVD-200602-421

DESCRIPTION

NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote attackers to cause a denial of service (CPU consumption) via crafted requests to Login.asp, possibly involving the (1) "In]" and (2) "b;tnLogIn" parameters, or (3) malformed btnLogIn parameters, possibly involving missing "[" (open bracket) or "]" (closing bracket) characters, as demonstrated by "&btnLogIn=[Log&In]=&" or "&b;tnLogIn=[Log&In]=&" in the URL. NOTE: due to the lack of diagnosis by the original researcher, the precise nature of the vulnerability is unclear.

Ipswitch WhatsUp Professional 2006 is susceptible to a remote denial-of-service vulnerability. This issue is due to the application's failure to properly handle certain HTTP GET requests. It allows remote attackers to consume excessive CPU resources on targeted computers, denying service to legitimate users.

WhatsUp Professional is a tool developed by Ipswitch to monitor the network status of TCP/IP, NetBEUI and IPX. Remote attackers may use this vulnerability to perform denial of service attacks on server programs. If a user visits a specially crafted URL, NmService may use 100% of CPU resources, resulting in a denial of service.

Trust: 1.26

sources: NVD: CVE-2006-0911 // BID: 16771 // VULHUB: VHN-17019

AFFECTED PRODUCTS

vendor: ipswitch, model: whatsup, scope: eq, version: professional_2006

Trust: 1.6

vendor: ipswitch, model: whatsup professional, scope: eq, version: 20060

Trust: 0.3

sources: BID: 16771 // CNNVD: CNNVD-200602-421 // NVD: CVE-2006-0911

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-0911
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200602-421
value: MEDIUM

Trust: 0.6

VULHUB: VHN-17019
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-0911
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-17019
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-17019 // CNNVD: CNNVD-200602-421 // NVD: CVE-2006-0911

PROBLEMTYPE DATA

problemtype: CWE-399

Trust: 1.1

sources: VULHUB: VHN-17019 // NVD: CVE-2006-0911

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200602-421

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-200602-421

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-17019

EXTERNAL IDS

db: BID, id: 16771

Trust: 2.0

db: OSVDB, id: 23494

Trust: 1.7

db: SREASON, id: 472

Trust: 1.7

db: VUPEN, id: ADV-2006-0704

Trust: 1.7

db: NVD, id: CVE-2006-0911

Trust: 1.7

db: CNNVD, id: CNNVD-200602-421

Trust: 0.7

db: XF, id: 24864

Trust: 0.6

db: BUGTRAQ, id: 20060222 IPSWITCH WHATSUP PROFESSIONAL 2006 DOS

Trust: 0.6

db: SEEBUG, id: SSVID-80875

Trust: 0.1

db: EXPLOIT-DB, id: 27258

Trust: 0.1

db: VULHUB, id: VHN-17019

Trust: 0.1

sources: VULHUB: VHN-17019 // BID: 16771 // CNNVD: CNNVD-200602-421 // NVD: CVE-2006-0911

REFERENCES

url:http://www.securityfocus.com/bid/16771

Trust: 1.7

url:http://zur.homelinux.com/advisories/ipswitch_dos.txt

Trust: 1.7

url:http://www.osvdb.org/23494

Trust: 1.7

url:http://securityreason.com/securityalert/472

Trust: 1.7

url:http://www.securityfocus.com/archive/1/425780/100/0/threaded

Trust: 1.1

url:http://www.vupen.com/english/advisories/2006/0704

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/24864

Trust: 1.1

url:http://xforce.iss.net/xforce/xfdb/24864

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/425780/100/0/threaded

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2006/0704

Trust: 0.6

url:http://www.ipswitch.com/products/network-management.asp

Trust: 0.3

url:/archive/1/425780

Trust: 0.3

sources: VULHUB: VHN-17019 // BID: 16771 // CNNVD: CNNVD-200602-421 // NVD: CVE-2006-0911

CREDITS

Josh Zlatin jzlatin@ramat.cc

Trust: 0.6

sources: CNNVD: CNNVD-200602-421

SOURCES

db: VULHUB, id: VHN-17019
db: BID, id: 16771
db: CNNVD, id: CNNVD-200602-421
db: NVD, id: CVE-2006-0911

LAST UPDATE DATE

2024-11-23T22:50:28.798000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-17019, date: 2018-10-18T00:00:00
db: BID, id: 16771, date: 2006-02-23T18:47:00
db: CNNVD, id: CNNVD-200602-421, date: 2006-04-26T00:00:00
db: NVD, id: CVE-2006-0911, date: 2024-11-21T00:07:38.050

SOURCES RELEASE DATE

db: VULHUB, id: VHN-17019, date: 2006-02-28T00:00:00
db: BID, id: 16771, date: 2006-02-22T00:00:00
db: CNNVD, id: CNNVD-200602-421, date: 2006-02-28T00:00:00
db: NVD, id: CVE-2006-0911, date: 2006-02-28T11:02:00