Description
NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote attackers to cause a denial of service (CPU consumption) via crafted requests to Login.asp, possibly involving the (1) "In]" and (2) "b;tnLogIn" parameters, or (3) malformed btnLogIn parameters, possibly involving missing "[" (open bracket) or "[" (closing bracket) characters, as demonstrated by "&btnLogIn=[Log&In]=&" or "&b;tnLogIn=[Log&In]=&" in the URL. NOTE: due to the lack of diagnosis by the original researcher, the precise nature of the vulnerability is unclear.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Josh Zlatin-Amishav · textdosasp
https://www.exploit-db.com/exploits/27258
References (7)
Core 7
Core References
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0704
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/16771
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/472
Exploit, Vendor Advisory x_refsource_misc
http://zur.homelinux.com/Advisories/ipswitch_dos.txt
Exploit vdb-entry
x_refsource_osvdb
http://www.osvdb.org/23494
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/425780/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/24864
Scores
EPSS
0.0531
EPSS Percentile
90.1%
Details
CWE
CWE-399
Status
published
Products (1)
ipswitch/whatsup
professional_2006
Published
Feb 28, 2006
Tracked Since
Feb 18, 2026