Lucene search

[email protected]CVE-2006-0911

HistoryFeb 28, 2006 - 11:02 a.m.

CVE-2006-0911

2006-02-2811:02:00

CWE-399

[email protected]

web.nvd.nist.gov

cve-2006-0911

denial of service

nmservice.exe

ipswitch whatsup professional 2006

remote attackers

cpu consumption

crafted requests

vulnerability

7.1 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.03 Low

EPSS

Percentile

90.9%

JSON

NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote attackers to cause a denial of service (CPU consumption) via crafted requests to Login.asp, possibly involving the (1) “In]” and (2) “b;tnLogIn” parameters, or (3) malformed btnLogIn parameters, possibly involving missing “[” (open bracket) or “[” (closing bracket) characters, as demonstrated by “&btnLogIn=[Log&In]=&” or “&b;tnLogIn=[Log&In]=&” in the URL. NOTE: due to the lack of diagnosis by the original researcher, the precise nature of the vulnerability is unclear.

CPENameOperatorVersion
ipswitch:whatsupipswitch whatsupeqprofessional_2006

CPE	Name	Operator	Version
ipswitch:whatsup	ipswitch whatsup	eq	professional_2006

References

securityreason.com/securityalert/472

www.osvdb.org/23494

www.securityfocus.com/archive/1/425780/100/0/threaded

www.securityfocus.com/bid/16771

www.vupen.com/english/advisories/2006/0704

zur.homelinux.com/Advisories/ipswitch_dos.txt

exchange.xforce.ibmcloud.com/vulnerabilities/24864

7.1 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.03 Low

EPSS

Percentile

90.9%

JSON

Related for CVE-2006-0911

checkpoint_advisories1 prion1