Ipswitch WhatsUp Gold 'ExportViewer.asp' Directory Traversal Vulnerability

Bugtraq ID:	52745
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 28 2012 12:00AM
Updated:	Mar 28 2012 12:00AM
Credit:	The vendor reported this issue.
Vulnerable:	Ipswitch WhatsUp Gold 15.0.1 Ipswitch WhatsUp Gold 14.4.1 Ipswitch WhatsUp Gold 14.4 Ipswitch WhatsUp Gold 14.3 Ipswitch WhatsUp Gold 14.2 Ipswitch WhatsUp Gold 15.0
Not Vulnerable:	Ipswitch WhatsUp Gold 15.0.2

Ipswitch WhatsUp Gold 'ExportViewer.asp' Directory Traversal Vulnerability

Ipswitch WhatsUp Gold is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to download or upload arbitrary files outside of the document root directory. This may aid further attacks.

Ipswitch WhatsUp Gold versions 15.0.1 through 14.2 are vulnerable.

Ipswitch WhatsUp Gold 'ExportViewer.asp' Directory Traversal Vulnerability

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Ipswitch WhatsUp Gold 'ExportViewer.asp' Directory Traversal Vulnerability

Solution:
Vendor updates are available. Please see the references for more information.

Ipswitch WhatsUp Gold 'ExportViewer.asp' Directory Traversal Vulnerability

References:

• WhatsUp Gold Homepage (Ipswitch)
  
• WhatsUp Gold v14.X Patch (WhatsUp Gold)
  
• WhatsUp Gold v15.0.2 (WhatsUp Gold)