CVE-2006-0911

Name of the Vulnerable Software and Affected Versions Ipswitch WhatsUp Professional 2006

Description The issue allows remote attackers to cause a denial of service, specifically CPU consumption, via crafted requests to "Login.asp". This may involve the In and btnLogIn parameters, or malformed btnLogIn parameters, possibly due to missing or incorrect bracket characters. Examples of such crafted requests include "&btnLogIn=[Log&In]=&" or "&b;tnLogIn=[Log&In]=&" in the URL.

Recommendations For Ipswitch WhatsUp Professional 2006, consider restricting access to the "Login.asp" endpoint until a fix is available. As a temporary workaround, avoid using the btnLogIn parameter in the affected API endpoint.