Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Update Protection against Ipswitch WhatsUp Professional 2006 Multiple Vulnerabilities

Subscribe

Check Point Reference: CPAI-2006-058
Date Published:
Severity:
Last Updated:
Source: Full-disclosure
SecuriTeam
Industry Reference(s): CVE-2006-2353
CVE-2006-2357
Protection Provided by: VPN-1
  • NGX R61
  • NGX R60
  • NG with Application Intelligence R55W
  • NG with Application Intelligence R55
  • NG with Application Intelligence R54
VSX
  • NGX
InterSpect
  • NGX
  • 2.0 and 1.x
Who is Vulnerable?
WhatsUp Professional 2006
Vulnerability Description
WhatsUp is a tool from Ipswitch that monitors application and network. WhatsUp runs a custom web server for the application Web interface on port 8022. Multiple flaws have been identified in the server including XSS vulnerabilities, page redirection via cross site scripting and header spoofing attacks.
Vulnerability Details

The server suffers from several flaws, including:

  • Source disclosure in several pages
  • Disclosure of network nodes information (name, internal addr, service)
  • XSS vulnerabilities
  • Page redirection via cross-site-scripting

    For more information, see SecuriTeam Advisory.

Protection Overview
The Update enables the HTTP Worm Catcher to detect and block the vulnerability based on a pre-defined worm signature.

To configure the defense, select your product from the list below and follow the related protection steps.

Additional Information
The update from June 6, 2006 includes the following protections:

Adobe Reader Extensions Protection (CPAI-2006-056)
osCommerce SQL Injection Protection (CPAI-2006-057)
Ipswitch WhatsUp Professional Multiple Vulnerabilities Protection (CPAI-2006-058)
SAP Business Connector Protection (CPAI-2006-059)
Apache Header Injection Protection (CPAI-2006-060)
MS ISA Server 2004 Manipulation Protection (CPAI-2006-061)

VPN-1 NGX R61

How Can I Protect My Network?

1. Update SmartDefense: Click the SmartDefense Services tab, click Download Updates and then click the Online Update button.
2. In the Web Intelligence tree, click Malicious Code > General HTTP Worm Catcher.
3. Enable the following patterns:

 Ipswitch WhatsUp Professional Page Redirection
 Ipswitch WhatsUp Professional XSS Vulnerability 1
 Ipswitch WhatsUp Professional XSS Vulnerability 2
 Ipswitch WhatsUp Professional Source Disclosure
 Ipswitch WhatsUp RenderMap Vulnerability
 Ipswitch WhatsUp HTTP Bypass Vulnerability

4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: HTTP Worm Catcher
Attack Information:
Ipswitch WhatsUp Professional Page Redirection
Ipswitch WhatsUp Professional XSS vulnerability 1
Ipswitch WhatsUp Professional XSS vulnerability 2
Ipswitch WhatsUp Professional Source Disclosure
Ipswitch WhatsUp RenderMap Vulnerability
Ipswitch WhatsUp HTTP Bypass Vulnerability

VPN-1 NGX R60, VPN-1 NG with Application Intelligence R55W

How Can I Protect My Network?
1. Update SmartDefense by clicking Online Update in the SmartDashboard General window.
2. In the Web Intelligence tree, click Malicious Code > General HTTP Worm Catcher.
3. Enable the following patterns:

 Ipswitch WhatsUp Professional Page Redirection
 Ipswitch WhatsUp Professional XSS Vulnerability 1
 Ipswitch WhatsUp Professional XSS Vulnerability 2
 Ipswitch WhatsUp Professional Source Disclosure
 Ipswitch WhatsUp RenderMap Vulnerability
 Ipswitch WhatsUp HTTP Bypass Vulnerability

4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: HTTP Worm Catcher
Attack Information:
Ipswitch WhatsUp Professional Page Redirection
Ipswitch WhatsUp Professional XSS Vulnerability 1
Ipswitch WhatsUp Professional XSS Vulnerability 2
Ipswitch WhatsUp Professional Source Disclosure
Ipswitch WhatsUp RenderMap Vulnerability
Ipswitch WhatsUp HTTP Bypass Vulnerability

VPN-1 NG with Application Intelligence R55, R54

How Can I Protect My Network?
1. Update SmartDefense by clicking Update Now in the SmartDashboard General window.
2. In the SmartDefense tree, click Application Intelligence > Web and then click General HTTP Worm Catcher.
3. Enable the following patterns:

 Ipswitch WhatsUp Professional Page Redirection
 Ipswitch WhatsUp Professional XSS Vulnerability 1
 Ipswitch WhatsUp Professional XSS Vulnerability 2
 Ipswitch WhatsUp Professional Source Disclosure
 Ipswitch WhatsUp RenderMap Vulnerability
 Ipswitch WhatsUp HTTP Bypass Vulnerability

4. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: HTTP Worm Catcher
Attack Information:
Ipswitch WhatsUp Professional Page Redirection
Ipswitch WhatsUp Professional XSS Vulnerability 1
Ipswitch WhatsUp Professional XSS Vulnerability 2
Ipswitch WhatsUp Professional Source Disclosure
Ipswitch WhatsUp RenderMap Vulnerability
Ipswitch WhatsUp HTTP Bypass Vulnerability

VPN-1 VSX NGX

How Can I Protect My Network?
1. Update SmartDefense by clicking Online Update in the SmartDashboard General window.
2. In the Web Intelligence tree, click Malicious Code > General HTTP Worm Catcher.
3. Enable the following patterns:

 Ipswitch WhatsUp Professional Page Redirection
 Ipswitch WhatsUp Professional XSS Vulnerability 1
 Ipswitch WhatsUp Professional XSS Vulnerability 2
 Ipswitch WhatsUp Professional Source Disclosure
 Ipswitch WhatsUp RenderMap Vulnerability
 Ipswitch WhatsUp HTTP Bypass Vulnerability

4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: HTTP Worm Catcher
Attack Information:
Ipswitch WhatsUp Professional Page Redirection
Ipswitch WhatsUp Professional XSS Vulnerability 1
Ipswitch WhatsUp Professional XSS Vulnerability 2
Ipswitch WhatsUp Professional Source Disclosure
Ipswitch WhatsUp RenderMap Vulnerability
Ipswitch WhatsUp HTTP Bypass Vulnerability

InterSpect NGX

How Can I Protect My Network?

1. Update SmartDefense: In the left pane from the drop-down list, select Profiles > SmartDefense Service and click the Online Update button.
2. In the left pane, select Profiles > Default Protection and select the Web Intelligence page of the profile.
3. In the Web Intelligence tree, click Malicious Code > General HTTP Worm Catcher.
4. Enable the following patterns:

 Ipswitch WhatsUp Professional Page Redirection
 Ipswitch WhatsUp Professional XSS Vulnerability 1
 Ipswitch WhatsUp Professional XSS Vulnerability 2
 Ipswitch WhatsUp Professional Source Disclosure
 Ipswitch WhatsUp RenderMap Vulnerability
 Ipswitch WhatsUp HTTP Bypass Vulnerability

5. Install policy on all modules. 

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: HTTP Worm Catcher
Attack Information:
Ipswitch WhatsUp Professional Page Redirection
 Ipswitch WhatsUp Professional XSS Vulnerability 1
 Ipswitch WhatsUp Professional XSS Vulnerability 2
 Ipswitch WhatsUp Professional Source Disclosure
 Ipswitch WhatsUp RenderMap Vulnerability
 Ipswitch WhatsUp HTTP Bypass Vulnerability

InterSpect 2.0

How Can I Protect My Network?
1.Update your SmartDefense by clicking Online Update in the SmartDashboard General window.
2. In the SmartDefense tree, click Web > General HTTP Worm Defender.
3. Enable the following patterns:

 Ipswitch WhatsUp Professional Page Redirection
 Ipswitch WhatsUp Professional XSS Vulnerability 1
 Ipswitch WhatsUp Professional XSS Vulnerability 2
 Ipswitch WhatsUp Professional Source Disclosure
 Ipswitch WhatsUp RenderMap Vulnerability
 Ipswitch WhatsUp HTTP Bypass Vulnerability

4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: HTTP Worm Catcher
Attack Information:
Ipswitch WhatsUp Professional Page Redirection
Ipswitch WhatsUp Professional XSS Vulnerability 1
Ipswitch WhatsUp Professional XSS Vulnerability 2
Ipswitch WhatsUp Professional Source Disclosure
Ipswitch WhatsUp RenderMap Vulnerability
Ipswitch WhatsUp HTTP Bypass Vulnerability