Back to search
CVE-2009-2732
Published: Aug 20, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an Authorization HTTP header that lacks a : (colon) character in the base64-decoded string.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
36403
third-party-advisory
x_refsource_SECUNIA
20090818 ntop <= 3.3.10 Basic Authentication Null Pointer Denial of Service
mailing-list
x_refsource_BUGTRAQ
20090818 (Reposting truncated message) Re: ntop <= 3.3.10 Basic Authentication Null Pointer Denial of Service
mailing-list
x_refsource_BUGTRAQ
ADV-2009-2317
vdb-entry
x_refsource_VUPEN
MDVSA-2010:181
vendor-advisory
x_refsource_MANDRIVA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now