Update Protection against IPSwitch WhatsUp Professional DoS Vulnerability

Check Point Reference: CPAI-2006-038
Date Published:
Severity:
Last Updated:
Source: FrSIRT/ADV-2006-0704
Industry Reference(s): CVE-2006-0911
Protection Provided by:
VPN-1
  • NGX R61
  • NGX R60
  • NG with Application Intelligence R55W
  • NG with Application Intelligence R55
  • NG with Application Intelligence R54
VSX
  • NGX
InterSpect
  • NGX
  • 2.0 and 1.x
Who is Vulnerable?
WhatsUp Professional 2006
Vulnerability Description
IPSwitch WhatsUp Professional 2006 is a network management and monitoring tool. A vulnerability has been identified in IPSwitch WhatsUp, which could be exploited by remote attackers to cause a denial of service.
Update/Patch Available
No patch is available at the moment.
Vulnerability Details
The flaw is due to an error in the "Login.asp" script, which fails to properly handle certain requests. A remote attacker could send a crafted URL to Login.asp to crash the NmService service or consume a large amount of system resources.

Protection Overview
The update enables the HTTP Worm Catcher to detect and block attempts to exploit the vulnerability, based on pre-defined worm signatures.

To configure the defense, select your product from the list below and follow the related protection steps.

Additional Information
In total, the update includes the following protections:

  • MS-RPC Protections Enforced on TCP Ports (CPSA-2006-03)
  • Oracle Reports/Forms Vulnerability (CPAI-2006-037)
  • IPSwitch WhatsUp Professional DoS (CPAI-2006-038)
  • Multiple Products LDAP Vulnerabilities (CPAI-2006-039)
  • Multiple Products FTP Servers Vulnerabilities (CPAI-2006-040)

VPN-1 NGX R61

How Can I Protect My Network?
1. Update your SmartDefense: Click the SmartDefense Services tab. In the left pane, from the drop-down list, click Download Updates, and then click the Online Update button.
2. In the Web Intelligence tree, click Malicious Code > General HTTP Worm Catcher.
3. Enable the following pattern:

IPSwitch WhatsUp Professional DoS

4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: HTTP Worm Catcher
Attack Information: IPSwitch WhatsUp Professional DoS

VPN-1 NGX R60, VPN-1 NG with Application Intelligence R55W, VSX

How Can I Protect My Network?
1. Update your SmartDefense by clicking Online Update in the SmartDashboard General window.
2. In the Web Intelligence tree, click Malicious Code > General HTTP Worm Catcher.
3. Enable the following pattern:

IPSwitch WhatsUp Professional DoS

4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: HTTP Worm Catcher
Attack Information: IPSwitch WhatsUp Professional DoS

VPN-1 NG with Application Intelligence R55/R54

How Can I Protect My Network?
1. Update your SmartDefense by clicking Update Now in the SmartDashboard General window.
2. In the Web Intelligence tree, click Malicious Code > General HTTP Worm Catcher.
3. Enable the following pattern:

IPSwitch WhatsUp Professional DoS

4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: HTTP Worm Catcher
Attack Information: IPSwitch WhatsUp Professional DoS

InterSpect NGX

How Can I Protect My Network?
1. Update your SmartDefense: In the left pane, from the drop-down list, select Profiles > SmartDefense Service, and then click the Online Update button.
2. In the left pane, select Profiles > Default Protection and select the Web Intelligence page of the profile.
3. In the Web Intelligence tree, click Malicious Code > General HTTP Worm Catcher.
4. Enable the following pattern:

IPSwitch WhatsUp Professional DoS

5. Install policy on all modules. 

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: HTTP Worm Catcher
Attack Information: IPSwitch WhatsUp Professional DoS

InterSpect 2.0

How Can I Protect My Network?

1. Update your SmartDefense by clicking Online Update in the SmartDashboard General window.
2. In the SmartDefense tree, click Malicious Code > General HTTP Worm Defender.
3. Enable the following pattern:

IPSwitch WhatsUp Professional DoS

4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: HTTP Worm Catcher
Attack Information: IPSwitch WhatsUp Professional DoS
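
The log check described in the "How Do I Know if My Network is Under Attack?" sections, as an added example that is not Check Point's code: it summarizes which sources trigger the pattern against which servers, for any of the products listed above. It assumes SmartView Tracker records exported as blank-line separated `Field: value` text; that export layout, the `Source` and `Destination` field names, and the sample addresses are assumptions.

```python
from collections import Counter

# Field values as given in the advisory's SmartView Tracker sections.
ATTACK_NAME = "HTTP Worm Catcher"
ATTACK_INFO = "IPSwitch WhatsUp Professional DoS"

# Constructed sample export; Source/Destination names and addresses are assumed.
SAMPLE_EXPORT = """\
Source: 198.51.100.7
Destination: 192.0.2.10
Attack Name: HTTP Worm Catcher
Attack Information: IPSwitch WhatsUp Professional DoS

Source: 203.0.113.44
Destination: 192.0.2.10
Attack Name: HTTP Worm Catcher
Attack Information: Some Other Pattern

Source: 198.51.100.7
Destination: 192.0.2.10
attack name: http worm catcher
Attack Information:  IPSwitch WhatsUp Professional DoS
"""

def parse_records(text):
    """Split the export into one dict per blank-line separated record."""
    records = []
    for block in text.replace("\r\n", "\n").split("\n\n"):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:  # ignore lines that are not "Field: value"
                rec[key.strip().lower()] = value.strip()
        if rec:
            records.append(rec)
    return records

def whatsup_hits(records):
    """Keep records where both advisory fields match, ignoring case."""
    return [r for r in records
            if r.get("attack name", "").lower() == ATTACK_NAME.lower()
            and r.get("attack information", "").lower() == ATTACK_INFO.lower()]

def summarize(records):
    """Count hits per (source, destination) pair, most frequent first."""
    return Counter((r.get("source", "?"), r.get("destination", "?"))
                   for r in whatsup_hits(records)).most_common()

if __name__ == "__main__":
    print(summarize(parse_records(SAMPLE_EXPORT)))
```

Repeated hits from one source against the same WhatsUp server stand out at the top of the summary, which helps separate a single probe from a sustained attempt.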