NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote attackers to cause a denial of service (CPU consumption) via crafted requests to Login.asp, possibly involving the (1) In] and (2) b;tnLogIn parameters, or (3) malformed btnLogIn parameters, possibly involving missing [ (open bracket) or [ (closing bracket) characters, as demonstrated by &btnLogIn=[Log&In]=& or &b;tnLogIn=[Log&In]=& in the URL. NOTE: due to the lack of diagnosis by the original researcher, the precise nature of the vulnerability is unclear.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Whatsup | Ipswitch | professional_2006 (including) | professional_2006 (including) |