CVE-2009-2732

Published: 21/08/2009 Updated: 10/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The checkHTTPpassword function in http.c in ntop 3.3.10 and previous versions allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) via an Authorization HTTP header that lacks a : (colon) character in the base64-decoded string.
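The missing check described in the summary, shown as an added example that is not ntop's source code. The helper names (split_basic_credentials, credentials_usable), the buffer size and the sample inputs are assumptions made for illustration; the input is taken to be the already base64-decoded Authorization value.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not ntop's code; all names here are hypothetical. */
enum cred_status { CRED_OK = 0, CRED_MALFORMED = -1 };

/* Splits a decoded "user:password" string in place.
 * Rejects input that has no ':' instead of using a NULL result. */
int split_basic_credentials(char *decoded, const char **user, const char **pw)
{
    char *colon;

    if (decoded == NULL || user == NULL || pw == NULL)
        return CRED_MALFORMED;
    *user = *pw = NULL;

    /* strchr() returns NULL when the client sent no ':' at all. Using
     * that result unchecked is one way to get the NULL pointer
     * dereference the summary describes, so fail closed here. */
    colon = strchr(decoded, ':');
    if (colon == NULL)
        return CRED_MALFORMED;

    *colon = '\0';      /* terminate the user name */
    *user = decoded;
    *pw = colon + 1;    /* RFC 7617: the password may contain ':' */
    return CRED_OK;
}

/* Returns 1 if the request may go on to password verification,
 * 0 if it should be answered with 401 without touching the fields. */
int credentials_usable(const char *decoded_input)
{
    char buf[128];      /* assumed upper bound for this example */
    const char *user, *pw;

    if (decoded_input == NULL || strlen(decoded_input) >= sizeof(buf))
        return 0;
    strcpy(buf, decoded_input);   /* length checked above */
    if (split_basic_credentials(buf, &user, &pw) != CRED_OK)
        return 0;
    return user[0] != '\0';       /* empty user name rejected (policy choice) */
}

int main(void)
{
    /* Constructed sample inputs: decoded header values. */
    const char *samples[] = { "admin:secret", "admin", "", "a:b:c" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-14s -> %s\n", samples[i],
               credentials_usable(samples[i]) ? "verify" : "401");
    return 0;
}
```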

Vulnerable Product

ntop ntop

Vendor Advisories

Debian Bug report logs - #543312
CVE-2009-2732: Basic Authentication Null Pointer Denial of Service
Package: ntop; Maintainer for ntop is Ludovico Cavedon <cavedon@debian.org>; Source for ntop is src:ntop
Reported by: Giuseppe Iuculano <giuseppe@iuculano.it>
Date: Mon, 24 Aug 2009 06:54:10 UTC ...

Exploits

source: www.securityfocus.com/bid/36074/info
The 'ntop' tool is prone to a denial-of-service vulnerability because of a NULL-pointer dereference that occurs when crafted HTTP Basic Authentication credentials are received by the embedded webserver. An attacker can exploit this issue to crash the affected application, denying service to legi ...

ntop versions 3.3.10 and below suffer from a basic authentication null pointer denial of service vulnerability ...