Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2531


Vulnerability Score 7.5 7.5
CVE Id CVE-2006-2531
Last Modified 07 Mar 2011 09:36:27
Published 22 May 2006 07:10:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Ipswitch WhatsUp Professional 2006 only verifies the users identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Agent header to "Ipswitch/1.0" and the User-Application header to "NmConsole".

Vulnerable Systems


  • Ipswitch Whatsup Professional 2006


VUPEN - ADV-2006-1849

BUGTRAQ - 20060517 Re: [Full-disclosure] What's Up Professional Spoofing Authentication Bypass

BUGTRAQ - 20060517 What's Up Professional Spoofing Authentication Bypass


XF - whatsup-http-auth-bypass(26529)

BID - 18019

Last Updated: 27 May 2016 10:42:39