Details of VAR-200605-0059

ID

VAR-200605-0059

CVE

CVE-2006-2357

TITLE

Ipswitch WhatsUp Professional Login.asp Information disclosure vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200605-275

DESCRIPTION

Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp. TITLE: WhatsUp Professional Cross-Site Scripting and Information Disclosure SECUNIA ADVISORY ID: SA20075 VERIFY ADVISORY: http://secunia.com/advisories/20075/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: >From remote SOFTWARE: Ipswitch WhatsUp Professional 2006 http://secunia.com/product/9917/ Ipswitch WhatsUp Professional 2006 Premium http://secunia.com/product/9918/ DESCRIPTION: Some vulnerabilities and weaknesses have been discovered in WhatsUp Professional, which can be exploited by malicious people to gain knowledge of certain information or conduct cross-site scripting attacks. 1) Input passed to NmConsole/Navigation.asp and to the "sHostname" parameter in NmConsole/ToolResults.asp is not properly sanitised before being returned to users. This can be exploited to execute arbitrary HTML and script code in a logged in user's browser session in context of a vulnerable site. Example: http://[host]:8022/NmConsole/Navigation.asp?">[code] 2) Input passed to NmConsole/Tools.asp and NmConsole/DeviceSelection.asp is also not properly sanitised before being returned to users. This can be exploited to execute arbitrary HTML and script code in a logged in user's browser session in context of a vulnerable site. 3) It's possible to disclose monitored devices without being logged in by passing arbitrary values to the "nDeviceGroupID" parameter in "NmConsole/utility/RenderMap.asp". Example: http://[host]:8022/NmConsole/utility/RenderMap.asp?nDeviceGroupID=2 4) Input passed to the "sRedirectUrl" and "sCancelURL" in NmConsole/DeviceSelection.asp is not properly verified, which makes it possible to redirect a user to an arbitrary web site. It is also possible to disclose the source code of the ASP pages by appending a period to the end of the file extension. 5) Different error messages are returned during login to "NmConsole/Login.asp" depending on whether the supplied username or password is incorrect. 6) It is possible to disclose path information in 404 error messages returned by the service. SOLUTION: Restrict access to port 8022/tcp and don't visit other web sites while logged in. PROVIDED AND/OR DISCOVERED BY: 1, 3, 4) David Maciejak 2, 5, 6) Reported by an anonymous person. ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.35

sources: NVD: CVE-2006-2357 // BID: 87637 // VULHUB: VHN-18465 // PACKETSTORM: 46269

AFFECTED PRODUCTS

vendor:	ipswitch	model:	whatsup professional	scope:	eq	version:	2006	Trust: 1.6
vendor:	ipswitch	model:	whatsup professional	scope:	eq	version:	2006_premium	Trust: 1.6
vendor:	ipswitch	model:	whatsup professional	scope:	eq	version:	20060	Trust: 0.3
vendor:	ipswitch	model:	whatsup professional premium	scope:	eq	version:	20052006	Trust: 0.3

sources: BID: 87637 // CNNVD: CNNVD-200605-275 // NVD: CVE-2006-2357

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-2357
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200605-275
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-18465
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2006-2357
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-18465
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-18465 // CNNVD: CNNVD-200605-275 // NVD: CVE-2006-2357

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-2357

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200605-275

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200605-275

EXTERNAL IDS

db:	NVD	id:	CVE-2006-2357	Trust: 2.0
db:	SREASON	id:	897	Trust: 2.0
db:	SECUNIA	id:	20075	Trust: 1.8
db:	VUPEN	id:	ADV-2006-1787	Trust: 1.7
db:	XF	id:	26506	Trust: 0.9
db:	CNNVD	id:	CNNVD-200605-275	Trust: 0.7
db:	BUGTRAQ	id:	20060511 IPSWITCH WHATSUP PROFESSIONAL MULTIPLE FLAWS	Trust: 0.6
db:	BID	id:	87637	Trust: 0.4
db:	VULHUB	id:	VHN-18465	Trust: 0.1
db:	PACKETSTORM	id:	46269	Trust: 0.1

sources: VULHUB: VHN-18465 // BID: 87637 // PACKETSTORM: 46269 // CNNVD: CNNVD-200605-275 // NVD: CVE-2006-2357

REFERENCES

url:	http://www.securityfocus.com/archive/1/433808	Trust: 2.0
url:	http://securityreason.com/securityalert/897	Trust: 2.0
url:	http://secunia.com/advisories/20075	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2006/1787	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/26506	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/26506	Trust: 0.9
url:	http://www.frsirt.com/english/advisories/2006/1787	Trust: 0.6
url:	http://secunia.com/product/9917/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://[host]:8022/nmconsole/utility/rendermap.asp?ndevicegroupid=2	Trust: 0.1
url:	http://secunia.com/advisories/20075/	Trust: 0.1
url:	http://secunia.com/product/9918/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://[host]:8022/nmconsole/navigation.asp?">[code]	Trust: 0.1
url:	http://[host]:8022/nmconsole	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-18465 // BID: 87637 // PACKETSTORM: 46269 // CNNVD: CNNVD-200605-275 // NVD: CVE-2006-2357

CREDITS

Unknown

Trust: 0.3

sources: BID: 87637

SOURCES

db:	VULHUB	id:	VHN-18465
db:	BID	id:	87637
db:	PACKETSTORM	id:	46269
db:	CNNVD	id:	CNNVD-200605-275
db:	NVD	id:	CVE-2006-2357

LAST UPDATE DATE

2024-08-14T13:49:41.206000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-18465	date:	2017-07-20T00:00:00
db:	BID	id:	87637	date:	2006-05-15T00:00:00
db:	CNNVD	id:	CNNVD-200605-275	date:	2006-05-16T00:00:00
db:	NVD	id:	CVE-2006-2357	date:	2017-07-20T01:31:24.303

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-18465	date:	2006-05-15T00:00:00
db:	BID	id:	87637	date:	2006-05-15T00:00:00
db:	PACKETSTORM	id:	46269	date:	2006-05-17T05:39:52
db:	CNNVD	id:	CNNVD-200605-275	date:	2006-05-15T00:00:00
db:	NVD	id:	CVE-2006-2357	date:	2006-05-15T10:02:00