Vulnerabilities > CVE-2006-0911 - Resource Management Errors vulnerability in Ipswitch Whatsup Professional2006

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

ipswitch

CWE-399

exploit available

NVD

Published: 2006-02-28

Updated: 2024-11-21

Summary

NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote attackers to cause a denial of service (CPU consumption) via crafted requests to Login.asp, possibly involving the (1) "In]" and (2) "b;tnLogIn" parameters, or (3) malformed btnLogIn parameters, possibly involving missing "[" (open bracket) or "[" (closing bracket) characters, as demonstrated by "&btnLogIn=[Log&In]=&" or "&b;tnLogIn=[Log&In]=&" in the URL. NOTE: due to the lack of diagnosis by the original researcher, the precise nature of the vulnerability is unclear.

Vulnerable Configurations

Part	Description	Count
Application	Ipswitch Ipswitch Whatsup Professional_2006	1

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Exploit-Db

description	Ipswitch WhatsUp Professional 2006 Remote Denial Of Service Vulnerability. CVE-2006-0911. Dos exploit for asp platform
id	EDB-ID:27258
last seen	2016-02-03
modified	2006-02-22
published	2006-02-22
reporter	Josh Zlatin-Amishav
source	https://www.exploit-db.com/download/27258/
title	Ipswitch WhatsUp Professional 2006 - Remote Denial of Service Vulnerability

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

References