Ipswitch WhatsUp Gold <= 8.04 Multiple Vulnerabilities

medium Nessus Plugin ID 19680

Synopsis

The remote web server can be used to reveal script source code and contains an ASP script that is prone to cross-site scripting attacks.

Description

The remote host is running WhatsUp Gold, an applications and network monitor and management system for Windows from Ipswitch.

The installed version of WhatsUp Gold returns a script's source code in response to a URI with an uppercase file extension. This may lead to the disclosure of sensitive information or subsequent attacks against the affected application. In addition, WhatsUp Gold also is prone to cross-site scripting attacks because it fails to sanitize user-supplied input to the 'map' parameter of the 'map.asp' script.

Solution

Unknown at this time.

See Also

http://www.cirt.dk/advisories/cirt-34-advisory.pdf

http://www.cirt.dk/advisories/cirt-35-advisory.pdf

Plugin Details

Severity: Medium

ID: 19680

File Name: wug_804.nasl

Version: 1.18

Type: remote

Family: CGI abuses

Published: 9/12/2005

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:ipswitch:whatsup_gold

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 9/9/2005

Reference Information

BID: 14797, 14799

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990