Signature Detail

Short Name	HTTP:WHATSUP:DOS-DEV-DOS
Severity	Medium
Recommended	No
Category	HTTP
Keywords	Ipswitch What's Up Gold DOS Device Denial Of Service
Release Date	2004/10/06
Update Number	1213
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Ipswitch What's Up Gold DOS Device Denial Of Service

This signature detects attempts to exploit a known vulnerability against Ipswitch's What's Up Gold, a network monitoring application. Using the application's Web interface, attackers can send a URL request that contains an MS-DOS device name in the filename portion to create a denial-of-service condition and crash the Web server.

Extended Description

Ipswitch WhatsUp Gold is prone to a remotely exploitable denial of service vulnerability when handling certain HTTP GET requests to the web interface by authenticated users.

Affected Products

Ipswitch WhatsUp Gold 7.0.0
Ipswitch WhatsUp Gold 7.0.0 3
Ipswitch WhatsUp Gold 7.0.0 4
Ipswitch WhatsUp Gold 8.0.0
Ipswitch WhatsUp Gold 8.0.0 1
Ipswitch WhatsUp Gold 8.0.0 3
Ipswitch WhatsUp Gold 8.0.0 3 hotfix 1

References

BugTraq: 11110
CVE: CVE-2004-0799
URL: http://www.ipswitch.com/Support/WhatsUp/patch-upgrades.html
URL: http://www.idefense.com/application/poi/display?id=142&type=vulnerabilities

Signature Detail

Short Name

Severity

Recommended

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Ipswitch What's Up Gold DOS Device Denial Of Service

Extended Description

Affected Products

References