Detections
Analytics

Ipswitch WhatsUp Gold _maincfgret.cgi Remote Overflow

high Nessus Plugin ID 15564

Language:

Synopsis

A web application on the remote host has a buffer overflow vulnerability.

Description

The '_maincfgret' CGI is installed on the remote web server. Some versions are vulnerable to a buffer overflow. Note that Nessus only checked for the presence of this CGI, and did not attempt to determine whether or not it is vulnerable.

Solution

Upgrade to WhatsUp Gold 8.03 HF 1 if necessary.

See Also

http://www.nessus.org/u?10d9bfab

https://seclists.org/bugtraq/2004/Oct/32

Plugin Details

Severity: High

ID: 15564

File Name: maincfgret.nasl

Version: 1.22

Type: remote

Family: CGI abuses

Published: 10/25/2004

Updated: 1/19/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 8/25/2004

Exploitable With

Metasploit (Ipswitch WhatsUp Gold 8.03 Buffer Overflow)

Reference Information

CVE: CVE-2004-0798

BID: 11043