GEN:SID 1:2663
Message WEB-CGI WhatsUpGold instancename overflow attempt
Summary This event is generated when an attempt is made to exploit a vulnerability
associated with the web server of WhatsUp Gold.
Impact A successful attack can cause a denial of service or a buffer overflow and
the subsequent execution of arbitrary code on a vulnerable server.
Detailed Information WhatsUp Gold is a Windows application that can be used to monitor the status
of a network and the availability and performance of servers.  A vulnerability
exists in the web server component of WhatsUp Gold that can cause a denial of
service or buffer overflow and the subsequent execution of arbitrary code on a
vulnerable server.  This can occur when an overly long value is passed to the
parameter "instancename" when invoking the _maincfgret CGI. It should be noted
that the web server is not enabled by default in WhatsUp Gold.
Affected Systems WhatsUp Gold 8.x.
Attack Scenarios An attacker can connect to a web-enabled WhatsUp Gold server and send
an overly long value to the "instancename" when calling _maincfgret,
possibly causing a denial of service or buffer overflow.
Ease of Attack Denial of service - simple, buffer overflow - harder.
Corrective Action Upgrade to the latest non-affected version of the software.
Additional References  
Rule References bugtraq: 11043
cve: 2004-0798