CVE-2005-1939
published 2005-12-31CVE-2005-1939: Directory traversal vulnerability in Ipswitch WhatsUp Small Business 2004 allows remote attackers to read arbitrary files via ".." (dot dot) sequences in a…
PriorityP347medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
62.88%
99.1th percentile
Directory traversal vulnerability in Ipswitch WhatsUp Small Business 2004 allows remote attackers to read arbitrary files via ".." (dot dot) sequences in a request to the Report service (TCP 8022).
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ipswitch | whatsup_small_business | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor HTTP requests to TCP port 8022 containing '../' (dot-dot-slash) sequences, indicative of directory traversal attempts against the WhatsUp Small Business 2004 Report Service. ↗
- →Alert on requests to port 8022 that include traversal patterns targeting sensitive OS files such as boot.ini, which is a common proof-of-concept target for Windows directory traversal exploits. ↗
- ·The traversal payload uses an excessive number of '../' sequences (13 levels deep), suggesting the attacker does not need to know the exact web root depth — defenders should flag any multi-level traversal on this port regardless of depth. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://cirt.dk/advisories/cirt-40-advisory.pdfhttp://secunia.com/advisories/15500http://secunia.com/secunia_research/2005-14/advisory/http://securitytracker.com/id?1015141http://www.securityfocus.com/bid/15291https://exchange.xforce.ibmcloud.com/vulnerabilities/22969http://cirt.dk/advisories/cirt-40-advisory.pdfhttp://secunia.com/advisories/15500http://secunia.com/secunia_research/2005-14/advisory/http://securitytracker.com/id?1015141http://www.securityfocus.com/bid/15291https://exchange.xforce.ibmcloud.com/vulnerabilities/22969
2005-12-31
Published