TUCoPS :: HP Unsorted I :: b06-2180.htm

Ipswitch whatsup professional multiple flaws
Ipswitch WhatsUp Professional multiple flaws
Ipswitch WhatsUp Professional multiple flaws

WhatsUp is a tool from Ipswitch to monitor application and network,
embedding a custom web server on port 8022.


This custom web server is prone to multiple flaws.

-as authenticated user:

*src disclosure

*there are many XSS flaws, as


-not being authenticated:

*src disclosure

*network nodes information disclosure (name, internal addr, service)

The weaknesses have been confirmed in version 2006, source disclosure
in version 2005 and 2005 SP1 too.
Other versions may also be affected.

No response from vendor.

-Filtered TCP port 8022, ask a patch from vendor if you are a registered user
-Keep an eye on an opensource project: http://gnms.rubyforge.org 

David Maciejak

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH