Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> CGI abuses >> WhatsUp Gold <= 8.04 Multiple Vulnerabilities


Vulnerability Assessment Details

WhatsUp Gold <= 8.04 Multiple Vulnerabilities

Vulnerability Assessment Summary
Checks for multiple vulnerabilities in WhatsUp Gold <= 8.04

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote web server can be used to reveal script source code and
contains an ASP script that is prone to cross-site scripting attacks.

Description :

The remote host is running WhatsUp Gold, an applications and network
monitor and management system for Windows from Ipswitch.

The installed version of WhatsUp Gold returns a script's source code
in response to a URI with an uppercase file extension. This may lead
to the disclosure of sensitive information or subsequent attacks
against the affected application. In addition, WhatsUp Gold also is
prone to cross-site scripting attacks because it fails to sanitize
user-supplied input to the 'map' parameter of the 'map.asp' script.

See also :

http://www.cirt.dk/advisories/cirt-34-advisory.pdf
http://www.cirt.dk/advisories/cirt-35-advisory.pdf

Solution :

Unknown at this time.

Network Security Threat Level:

Low / CVSS Base Score : 1
(AV:R/AC:L/Au:R/C:P/A:N/I:N/B:N)

Networks Security ID: 14797, 14799

Vulnerability Assessment Copyright: This script is Copyright (C) 2005 Tenable Network Security

Cables, Connectors

Vintage NCR PC 386sx16 /ISA User's Manual
$4.5
Vintage NCR PC 386sx16 /ISA User's Manual pictureGOLD Western Digital WD1010AL - WD2010-AL VINTAGE CDIP
$14.0
GOLD Western Digital WD1010AL - WD2010-AL VINTAGE CDIP pictureVintage NCR System 3000 Model 3333 User's Manual
$4.5
Vintage NCR System 3000 Model 3333 User's Manual pictureVintage Apple Macintosh Performa 460 Computer (LC III +) NEW CAPACITORS
$95.0
Vintage Apple Macintosh Performa 460 Computer (LC III +) NEW CAPACITORS picture


Discussions

No Discussions have been posted on this vulnerability.