VAR-200605-0057
Vulnerability from variot - Updated: 2025-04-03 22:09Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium allows remote attackers to obtain full path information via 404 error messages. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
1) Input passed to NmConsole/Navigation.asp and to the "sHostname" parameter in NmConsole/ToolResults.asp is not properly sanitised before being returned to users. This can be exploited to execute arbitrary HTML and script code in a logged in user's browser session in context of a vulnerable site.
Example: http://[host]:8022/NmConsole/Navigation.asp?">[code]
2) Input passed to NmConsole/Tools.asp and NmConsole/DeviceSelection.asp is also not properly sanitised before being returned to users. This can be exploited to execute arbitrary HTML and script code in a logged in user's browser session in context of a vulnerable site.
3) It's possible to disclose monitored devices without being logged in by passing arbitrary values to the "nDeviceGroupID" parameter in "NmConsole/utility/RenderMap.asp".
Example: http://[host]:8022/NmConsole/utility/RenderMap.asp?nDeviceGroupID=2
4) Input passed to the "sRedirectUrl" and "sCancelURL" in NmConsole/DeviceSelection.asp is not properly verified, which makes it possible to redirect a user to an arbitrary web site.
It is also possible to disclose the source code of the ASP pages by appending a period to the end of the file extension.
5) Different error messages are returned during login to "NmConsole/Login.asp" depending on whether the supplied username or password is incorrect.
SOLUTION: Restrict access to port 8022/tcp and don't visit other web sites while logged in.
PROVIDED AND/OR DISCOVERED BY: 1, 3, 4) David Maciejak 2, 5, 6) Reported by an anonymous person.
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200605-0057",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "whatsup professional",
"scope": "eq",
"trust": 1.6,
"vendor": "ipswitch",
"version": "2006"
},
{
"model": "whatsup professional",
"scope": "eq",
"trust": 1.6,
"vendor": "ipswitch",
"version": "2006_premium"
},
{
"model": "whatsup professional",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "20060"
},
{
"model": "whatsup professional premium",
"scope": "eq",
"trust": 0.3,
"vendor": "ipswitch",
"version": "20052006"
}
],
"sources": [
{
"db": "BID",
"id": "87645"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-281"
},
{
"db": "NVD",
"id": "CVE-2006-2355"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "87645"
}
],
"trust": 0.3
},
"cve": "CVE-2006-2355",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2006-2355",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-18463",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-2355",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200605-281",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-18463",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-18463"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-281"
},
{
"db": "NVD",
"id": "CVE-2006-2355"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium allows remote attackers to obtain full path information via 404 error messages. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. \n\n1) Input passed to NmConsole/Navigation.asp and to the \"sHostname\"\nparameter in NmConsole/ToolResults.asp is not properly sanitised\nbefore being returned to users. This can be exploited to execute\narbitrary HTML and script code in a logged in user\u0027s browser session\nin context of a vulnerable site. \n\nExample:\nhttp://[host]:8022/NmConsole/Navigation.asp?\"\u003e[code]\n\n2) Input passed to NmConsole/Tools.asp and\nNmConsole/DeviceSelection.asp is also not properly sanitised before\nbeing returned to users. This can be exploited to execute arbitrary\nHTML and script code in a logged in user\u0027s browser session in context\nof a vulnerable site. \n\n3) It\u0027s possible to disclose monitored devices without being logged\nin by passing arbitrary values to the \"nDeviceGroupID\" parameter in\n\"NmConsole/utility/RenderMap.asp\". \n\nExample:\nhttp://[host]:8022/NmConsole/utility/RenderMap.asp?nDeviceGroupID=2\n\n4) Input passed to the \"sRedirectUrl\" and \"sCancelURL\" in\nNmConsole/DeviceSelection.asp is not properly verified, which makes\nit possible to redirect a user to an arbitrary web site. \n\nIt is also possible to disclose the source code of the ASP pages by\nappending a period to the end of the file extension. \n\n5) Different error messages are returned during login to\n\"NmConsole/Login.asp\" depending on whether the supplied username or\npassword is incorrect. \n\nSOLUTION:\nRestrict access to port 8022/tcp and don\u0027t visit other web sites\nwhile logged in. \n\nPROVIDED AND/OR DISCOVERED BY:\n1, 3, 4) David Maciejak\n2, 5, 6) Reported by an anonymous person. \n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-2355"
},
{
"db": "BID",
"id": "87645"
},
{
"db": "VULHUB",
"id": "VHN-18463"
},
{
"db": "PACKETSTORM",
"id": "46269"
}
],
"trust": 1.35
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-2355",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "20075",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "25477",
"trust": 1.7
},
{
"db": "XF",
"id": "26504",
"trust": 0.9
},
{
"db": "CNNVD",
"id": "CNNVD-200605-281",
"trust": 0.7
},
{
"db": "XF",
"id": "404",
"trust": 0.6
},
{
"db": "BID",
"id": "87645",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-18463",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "46269",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-18463"
},
{
"db": "BID",
"id": "87645"
},
{
"db": "PACKETSTORM",
"id": "46269"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-281"
},
{
"db": "NVD",
"id": "CVE-2006-2355"
}
]
},
"id": "VAR-200605-0057",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-18463"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:09:50.297000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-2355"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.osvdb.org/25477"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/20075"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26504"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/xforce/xfdb/26504"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/9917/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://[host]:8022/nmconsole/utility/rendermap.asp?ndevicegroupid=2"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/20075/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/9918/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://[host]:8022/nmconsole/navigation.asp?\"\u003e[code]"
},
{
"trust": 0.1,
"url": "http://[host]:8022/nmconsole"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-18463"
},
{
"db": "BID",
"id": "87645"
},
{
"db": "PACKETSTORM",
"id": "46269"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-281"
},
{
"db": "NVD",
"id": "CVE-2006-2355"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-18463"
},
{
"db": "BID",
"id": "87645"
},
{
"db": "PACKETSTORM",
"id": "46269"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-281"
},
{
"db": "NVD",
"id": "CVE-2006-2355"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-05-15T00:00:00",
"db": "VULHUB",
"id": "VHN-18463"
},
{
"date": "2006-05-15T00:00:00",
"db": "BID",
"id": "87645"
},
{
"date": "2006-05-17T05:39:52",
"db": "PACKETSTORM",
"id": "46269"
},
{
"date": "2006-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200605-281"
},
{
"date": "2006-05-15T10:02:00",
"db": "NVD",
"id": "CVE-2006-2355"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-20T00:00:00",
"db": "VULHUB",
"id": "VHN-18463"
},
{
"date": "2006-05-15T00:00:00",
"db": "BID",
"id": "87645"
},
{
"date": "2006-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200605-281"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2006-2355"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200605-281"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ipswitch WhatsUp Professional 404 Error message Information disclosure vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200605-281"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200605-281"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…