AOH :: HP Unsorted I :: B06-2180.HTM

Ipswitch whatsup professional multiple flaws



Ipswitch WhatsUp Professional multiple flaws
Ipswitch WhatsUp Professional multiple flaws



WhatsUp is a tool from Ipswitch to monitor application and network,
embedding a custom web server on port 8022.

Description:

This custom web server is prone to multiple flaws.

-as authenticated user:

*src disclosure
http://server:8022/NmConsole/Login.asp. 

*there are many XSS flaws, as
&nDeviceID=&nDeviceID= 
http://server:8022/NmConsole/ToolResults.asp?bIsIE=true&nToolType=0&sHostname=%3cscript%3ealert('me')%3c/script%3e&nTimeout=2000&nCount=1&nSize=32&btnPing=Ping 

*redirection
http://server:8022/NmConsole/DeviceSelection.asp?sRedirectUrl=Reports/DevicePassiveMonitorSyslog.asp&sCancelURL=http://www.google.fr 

-not being authenticated:

*src disclosure
http://server:8022/NmConsole/Login.asp. 

*network nodes information disclosure (name, internal addr, service)
http://server:8022/NmConsole/utility/RenderMap.asp?nDeviceGroupID=0 



The weaknesses have been confirmed in version 2006, source disclosure
in version 2005 and 2005 SP1 too.
Other versions may also be affected.

No response from vendor.

Solution:
-Filtered TCP port 8022, ask a patch from vendor if you are a registered user
-Keep an eye on an opensource project: http://gnms.rubyforge.org 


David Maciejak

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.