Lucene search

[email protected]CVE-2002-0412

HistoryApr 02, 2003 - 5:00 a.m.

CVE-2002-0412

2003-04-0205:00:00

[email protected]

web.nvd.nist.gov

nvd

cve-2002-0412

ntop 2.1

http get request

http authentication

format string vulnerability

8.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.091 Low

EPSS

Percentile

94.7%

JSON

Format string vulnerability in TraceEvent function for ntop before 2.1 allows remote attackers to execute arbitrary code by causing format strings to be injected into calls to the syslog function, via (1) an HTTP GET request, (2) a user name in HTTP authentication, or (3) a password in HTTP authentication.

Affected configurations

NVD

Node

luca_derintopMatch2.0

CPENameOperatorVersion
luca_deri:ntopluca deri ntopeq2.0

CPE	Name	Operator	Version
luca_deri:ntop	luca deri ntop	eq	2.0

References

archives.neohapsis.com/archives/vulnwatch/2002-q1/0056.html

listmanager.unipi.it/pipermail/ntop-dev/2002-February/000489.html

marc.info/?l=bugtraq&m=101854261030453&w=2

marc.info/?l=bugtraq&m=101856541322245&w=2

marc.info/?l=bugtraq&m=101908224609740&w=2

online.securityfocus.com/archive/1/259642

snapshot.ntop.org/

www.iss.net/security_center/static/8347.php

www.osvdb.org/5307

www.securityfocus.com/bid/4225

8.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.091 Low

EPSS

Percentile

94.7%

JSON

Related for CVE-2002-0412

nvd1 cvelist1