Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:D686D43ECEC366CBA10CF71EF6E255B7
HistorySep 08, 2006 - 12:00 a.m.

WhatsUp Gold _maincfgret.cgi instancename buffer overflow

2006-09-0800:00:00
SAINT Corporation
my.saintcorporation.com
40

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.931 High

EPSS

Percentile

99.1%

JSON

Added: 09/08/2006
CVE: CVE-2004-0798
BID: 11043
OSVDB: 9177

Background

WhatsUp Professional (formerly WhatsUp Gold) is a network mapping and monitoring tool.

Problem

A buffer overflow in the WhatsUp Gold web interface allows remote command execution by requesting **_maincfgret.cgi** with a long **instancename** parameter.

Resolution

Install WhatsUp Gold 8.03 Hotfix 1.

References

[http://www.idefense.com/intelligence/vulnerabilities/display.php?id=133&amp;type=vulnerabilities ](<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=133&type=vulnerabilities
>)

Limitations

Exploit works on Ipswitch WhatsUp Gold 8.03.

Successful exploitation requires valid user credentials with permissions to Configure Program and Configure Reports.

Note that the WhatsUp Gold installation path may affect the success of this exploit. The exploit is designed to work with the default installation path only.

Platforms

Windows

Related

saint 3
checkpoint_advisories 1
nvd 1
openvas 2
cve 1
nessus 1
packetstorm 1
securityvulns 1
cvelist 1
kaspersky 1
saint
saint
WhatsUp Gold _maincfgret.cgi instancename buffer overflow
2006-09-08 00:00:00
WhatsUp Gold _maincfgret.cgi instancename buffer overflow
2006-09-08 00:00:00
WhatsUp Gold _maincfgret.cgi instancename buffer overflow
2006-09-08 00:00:00
checkpoint_advisories
checkpoint_advisories
Ipswitch WhatsUp Gold Web Server Buffer Overflow (CVE-2004-0798)
2010-02-14 00:00:00
nvd
nvd
CVE-2004-0798
2004-10-20 04:00:00
openvas
openvas
Whatsup Gold vulnerable CGI
2005-11-03 00:00:00
Whatsup Gold vulnerable CGI
2005-11-03 00:00:00
cve
cve
CVE-2004-0798
2004-10-20 04:00:00
nessus
nessus
Ipswitch WhatsUp Gold _maincfgret.cgi Remote Overflow
2004-10-25 00:00:00
packetstorm
packetstorm
Ipswitch WhatsUp Gold 8.03 Buffer Overflow
2009-11-26 00:00:00
securityvulns
securityvulns
[Full-Disclosure] iDEFENSE Security Advisory 08.25.04: Ipswitch WhatsUp Gold Remote Buffer Overflow Vulnerability
2004-08-30 00:00:00
cvelist
cvelist
CVE-2004-0798
2004-08-27 04:00:00
kaspersky
kaspersky
KLA10226 Multiple vulnerabilities in WahtsUp Gold
2004-10-20 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.931 High

EPSS

Percentile

99.1%

JSON
Related for SAINT:D686D43ECEC366CBA10CF71EF6E255B7
saint3checkpoint_advisories1nvd1openvas2cve1nessus1packetstorm1securityvulns1cvelist1kaspersky1