CVE-2005-1939
published 2005-12-31

Priority: P3 47
CVSS 2.0: 5 (medium), vector AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 62.88% (99.1th percentile)
Directory traversal vulnerability in Ipswitch WhatsUp Small Business 2004 allows remote attackers to read arbitrary files via ".." (dot dot) sequences in a request to the Report service (TCP 8022).

Affected

1 range
Vendor | Product | Version range | Fixed in
ipswitch | whatsup_small_business | |

Detection & IOCs (extracted from sources)

port: 8022
url: http://[address of server]:8022/../../../../../../../../../../../boot.ini
path: /../../../../../../../../../../../boot.ini
  • Monitor HTTP requests to TCP port 8022 containing '../' (dot-dot-slash) sequences, indicative of directory traversal attempts against the WhatsUp Small Business 2004 Report Service.
  • Alert on requests to port 8022 that include traversal patterns targeting sensitive OS files such as boot.ini, which is a common proof-of-concept target for Windows directory traversal exploits.
  • The traversal payload uses an excessive number of '../' sequences (13 levels deep), suggesting the attacker does not need to know the exact web root depth — defenders should flag any multi-level traversal on this port regardless of depth.
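
The monitoring guidance above, as an added example that is not part of the original entry or of any vendor tooling: a log scanner that flags requests to port 8022 containing '..' path segments at any depth. The log line format, the sample lines and the function names are constructed assumptions, and the percent-decoding and backslash normalization go beyond the literal '../' pattern the entry describes.

```python
import re
from urllib.parse import unquote

REPORT_PORT = 8022  # Report service port named in the entry
# Assumed (constructed) log format: <src> <dst_port> "<METHOD> <target> HTTP/x.y"
LINE_RE = re.compile(r'^(\S+) (\d+) "[A-Z]+ (\S+) HTTP/[\d.]+"$')

def normalize(target, max_rounds=3):
    """Percent-decode repeatedly (bounded) and treat '\\' as '/', so encoded
    or backslash forms of the dot-dot sequence are seen as well."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.split("?", 1)[0].replace("\\", "/")

def traversal_depth(target):
    """Number of path segments that are exactly '..' after normalization."""
    return sum(1 for seg in normalize(target).split("/") if seg == "..")

def scan(lines):
    """Return one finding per request to the Report port with any '..' segment."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or int(m.group(2)) != REPORT_PORT:
            continue
        src, _, target = m.groups()
        depth = traversal_depth(target)
        if depth:  # flag regardless of depth, as the guidance advises
            findings.append({"src": src, "depth": depth,
                             "boot_ini": "boot.ini" in normalize(target).lower()})
    return findings

SAMPLE = [  # constructed log lines using documentation addresses
    '192.0.2.10 8022 "GET /' + "../" * 13 + 'boot.ini HTTP/1.0"',
    '192.0.2.11 8022 "GET /reports/v1..2/summary.htm HTTP/1.0"',  # benign dots
    '192.0.2.12 8022 "GET /%2e%2e/%2e%2e/boot.ini HTTP/1.0"',     # encoded form
    '192.0.2.13 80 "GET /../index.htm HTTP/1.0"',                 # other port
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Matching on whole '..' segments rather than the substring keeps file names that merely contain two dots from raising alerts.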