|
|
Family: CGI abuses --> Category: infos
WhatsUp Gold <= 8.04 Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks for multiple vulnerabilities in WhatsUp Gold <= 8.04
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server can be used to reveal script source code and
contains an ASP script that is prone to cross-site scripting attacks.
Description :
The remote host is running WhatsUp Gold, an applications and network
monitor and management system for Windows from Ipswitch.
The installed version of WhatsUp Gold returns a script's source code
in response to a URI with an uppercase file extension. This may lead
to the disclosure of sensitive information or subsequent attacks
against the affected application. In addition, WhatsUp Gold also is
prone to cross-site scripting attacks because it fails to sanitize
user-supplied input to the 'map' parameter of the 'map.asp' script.
See also :
http://www.cirt.dk/advisories/cirt-34-advisory.pdf
http://www.cirt.dk/advisories/cirt-35-advisory.pdf
Solution :
Unknown at this time.
Threat Level:
Low / CVSS Base Score : 1
(AV:R/AC:L/Au:R/C:P/A:N/I:N/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
