Vulnerabilities > CVE-2006-2355 - Remote Security vulnerability in Ipswitch Whatsup Professional 2006/2006Premium

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
ipswitch
nessus

Summary

Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium allows remote attackers to obtain full path information via 404 error messages. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Vulnerable Configurations

Part Description Count
Application
Ipswitch
2

Nessus

NASL familyCGI abuses
NASL idIPSWITCH_WHATSUP_INFO_DISCLOSURE.NASL
descriptionThe remote host appears to be running Ipswitch WhatsUp Professional, which is used to monitor states of applications, services and hosts. The version of WhatsUp Professional installed on the remote host is prone to multiple issues, including source code disclosure and cross-site scripting vulnerabilities.
last seen2020-06-01
modified2020-06-02
plugin id21562
published2006-05-15
reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/21562
titleIpswitch WhatsUp Professional Multiple Vulnerabilities (XSS, Enum, ID)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(21562);
 script_version("1.24");

 script_cve_id("CVE-2006-2351", "CVE-2006-2352", "CVE-2006-2353", "CVE-2006-2354", "CVE-2006-2355", "CVE-2006-2356", "CVE-2006-2357");
 script_bugtraq_id(17964);

 script_name(english:"Ipswitch WhatsUp Professional Multiple Vulnerabilities (XSS, Enum, ID)");
 
 script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by multiple flaws." );
 script_set_attribute(attribute:"description", value:
"The remote host appears to be running Ipswitch WhatsUp Professional,
which is used to monitor states of applications, services and hosts. 

The version of WhatsUp Professional installed on the remote host is
prone to multiple issues, including source code disclosure and
cross-site scripting vulnerabilities." );
 script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/433808/30/0/threaded" );
 script_set_attribute(attribute:"see_also", value:"http://www.ipswitch.com/products/whatsup/professional/" );
 script_set_attribute(attribute:"solution", value:
"Unknown at this time." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
 script_set_cvss_temporal_vector("CVSS2#E:F/RL:U/RC:ND");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

 script_set_attribute(attribute:"plugin_publication_date", value: "2006/05/15");
 script_set_attribute(attribute:"vuln_publication_date", value: "2006/05/11");
 script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_set_attribute(attribute:"cpe",value:"cpe:/a:ipswitch:whatsup");
 script_end_attributes();
 
 script_summary(english:"Checks for Ipswitch WhatsUp Professional Information Disclosure");
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2006-2020 Tenable Network Security, Inc.");
 script_family(english:"CGI abuses");
 script_dependencie("http_version.nasl");
 script_require_ports("Services/www", 8022);
 exit(0);
}

include("global_settings.inc");
include("http_func.inc");
include("http_keepalive.inc");

port = get_http_port(default:8022, embedded:TRUE);
if (!get_port_state(port)) exit(0);

banner = get_http_banner(port:port);
if ("Server: Ipswitch" >!< banner) exit(0);

req = http_get(item:"/NmConsole/Login.asp.", port:port);
r = http_keepalive_send_recv(port:port, data:req, bodyonly:TRUE);
if( r == NULL )exit(0);

if (
  'SOFTWARE\\\\Ipswitch\\\\Network Monitor\\\\WhatsUp' >< r &&
  (
    '<%= app.GetDialogHeader("Log In") %>' >< r ||
    egrep(pattern:'<%( +if|@ +LANGUAGE="JSCRIPT")', string:r)
  )
) {
  security_warning(port);
  set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);
}