Ipswitch WhatsUp Professional Authentication Bypass Detection Network Vulnerability

Summary

The remote web server is affected by an authentication bypass flaw. Description : The remote host is running Ipswitch WhatsUp Professional, which is used to monitor states of applications, services and hosts. The version of WhatsUp Professional installed on the remote host allows an attacker to bypass authentication with a specially-crafted request.

Solution

Upgrade to WhatsUp Professional 2006.01 or later.

References

http://www.ftusecurity.com/pub/whatsup.public.pdf
http://www.ipswitch.com/support/whatsup_professional/releases/wup200601.asp
http://www.securityfocus.com/archive/1/434247/30/0/threaded

Updated on 2015-03-25

Severity

Classification

CVE CVE-2006-2531

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Atutor AChecker Multiple SQL Injection and XSS Vulnerabilities
AstroSPACES profile.php SQL Injection Vulnerability
Adobe ColdFusion Multiple Vulnerabilities-02 May-2014
b2ePMS Multiple SQL Injection Vulnerabilities
'research_display.php' SQL Injection Vulnerability

Ipswitch WhatsUp Professional Authentication bypass detection

Take action and discover your vulnerabilities