|
Family: CGI abuses --> Category: infos
Ipswitch WhatsUp Professional Authentication bypass detection Vulnerability Scan
Vulnerability Scan Summary Checks for Ipswitch WhatsUp Professional Authentication Bypass
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server is affected by an authentication bypass flaw.
Description :
The remote host is running Ipswitch WhatsUp Professional, which is
used to monitor states of applications, services and hosts.
The version of WhatsUp Professional installed on the remote host
allows a possible hacker to bypass authentication with a specially-crafted
request.
See also :
http://www.ftusecurity.com/pub/whatsup.public.pdf
http://www.securityfocus.com/archive/1/434247/30/0/threaded
http://www.ipswitch.com/support/whatsup_professional/releases/wup200601.asp
Solution :
Upgrade to WhatsUp Professional 2006.01 or later.
Threat Level:
High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|