WhatsUp Gold Web Interface May Let Remote Users Cause Denial of Service Conditions
|
|
SecurityTracker Alert ID: 1011157 |
|
SecurityTracker URL: http://securitytracker.com/id/1011157
|
|
CVE Reference:
CAN-2004-0799
(Links to External Site)
|
Updated: Sep 16 2004
|
Original Entry Date: Sep 4 2004
|
Impact:
Denial of service via network, Not specified
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 8.03 Prior to Hotfix 2
|
Description:
Two vulnerabilities were reported in WhatsUp Gold. A remote user can cause denial of service conditions.
The vendor reported that a remote authenticated user can trigger a buffer overflow in the processing of Notification instance names via the web interface. The impact was not specified.
It is also reported that a remote authenticated user can issue a certain GET request for 'prn.htm' to cause denial of service conditions.
|
Impact:
A remote user can cause denial of service conditions [Editor's note: The vendor did not indicate what type of denial of service conditions are possible].
The impact for the buffer overflow vulnerability was not disclosed.
|
Solution:
The vendor has issued a fix (WhatsUp Gold 8.03 Hotfix 2), available at:
ftp://ftp.ipswitch.com/Ipswitch/Product_Support/WhatsUp/wug803HF2.exe
|
Vendor URL: www.ipswitch.com/products/whatsup/index.html (Links to External Site)
|
Cause:
Boundary error, Exception handling error
|
Underlying OS:
Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Fri, 3 Sep 2004 18:07:12 -0400
Subject: [none]
|
WhatsUp Gold 8.03 Hotfix 2:
> Fixed Buffer overrun for Notification instance names via the web interface
> Fixed DoS issue when issuing a GET request for prn.htm via the web interface
ftp://ftp.ipswitch.com/Ipswitch/Product_Support/WhatsUp/wug803HF2.exe
|
|
