Ipswitch WhatsUp Professional Authentication Bypass Detection Network Vulnerability

Summary

The remote web server is affected by an authentication bypass flaw. Description : The remote host is running Ipswitch WhatsUp Professional, which is used to monitor states of applications, services and hosts. The version of WhatsUp Professional installed on the remote host allows an attacker to bypass authentication with a specially-crafted request.

Solution

Upgrade to WhatsUp Professional 2006.01 or later.

References

http://www.ftusecurity.com/pub/whatsup.public.pdf
http://www.ipswitch.com/support/whatsup_professional/releases/wup200601.asp
http://www.securityfocus.com/archive/1/434247/30/0/threaded

Updated on 2015-03-25

Severity

Classification

CVE CVE-2006-2531
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Atlassian JIRA FishEye and Crucible Plugins XML Parsing Unspecified Security Vulnerability
Admin News Tools Multiple Vulnerabilities
ATutor password reminder SQL injection
Adobe ColdFusion Directory Traversal Vulnerability
Apple Safari PDF Javascript Security Bypass Bypass Vulnerability

Ipswitch WhatsUp Professional Authentication bypass detection

Take action and discover your vulnerabilities