Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0911

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-0911
Last Modified 31 Aug 2011 12:00:00
Published 28 Feb 2006 06:02:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0911

Summary

NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote attackers to cause a denial of service (CPU consumption) via crafted requests to Login.asp, possibly involving the (1) "In]" and (2) "b;tnLogIn" parameters, or (3) malformed btnLogIn parameters, possibly involving missing "[" (open bracket) or "[" (closing bracket) characters, as demonstrated by "&btnLogIn=[Log&In]=&" or "&b;tnLogIn=[Log&In]=&" in the URL. NOTE: due to the lack of diagnosis by the original researcher, the precise nature of the vulnerability is unclear.

Vulnerable Systems

Application

  • Ipswitch Whatsup Professional 2006


References

MISC - http://zur.homelinux.com/Advisories/ipswitch_dos.txt

XF - whatsup-nmservice-dos(24864)

VUPEN - ADV-2006-0704

BID - 16771

BUGTRAQ - 20060222 IpSwitch WhatsUp Professional 2006 DoS

OSVDB - 23494

SREASON - 472


Last Updated: 27 May 2016 10:41:50