6 matches found
ntop 3.3.10 HTTP Basic Authentication NULL Pointer Dereference Denial Of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/36074/info The 'ntop' tool is prone to a denial-of-service vulnerability because of a NULL-pointer dereference that occurs when crafted HTTP Basic Authentication credentials are received by the embedded webserver. An...
ntop HTTP Basic Authentication NULL Pointer Dereference Denial Of Service Vulnerability
The SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ntop:ntop"; ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.100255";...
ntop认证头空指针引用拒绝服务漏洞
CVECAN ID: CVE-2009-2732 ntop是一个用来监视和分析unix系统网络使用状况的工具。 ntop在解析Basic认证的HTTP头时存在空指针应用漏洞。在接收到认证报文后ntop会base64解码值,然后基于冒号进行拆分。如果解码的字符串中不存在冒号,就会对用户名使用默认的NULL值。由于在认证过程中使用strlen计算用户名的长度,在处理到空的值时会触发分段错误。以下是有漏洞的代码段: static int checkHTTPpasswordchar theRequestedURL, int theRequestedURLLen UNUSED, char theP...
CVE-2009-2732
Summary (CVE-2009-2732): ntop versions up to 3.3.10 are affected. The issue lies in the HTTP Basic Authorization handling in the embedded webserver: the checkHTTPpassword routine decodes the Authorization header, splits on a colon, and if the decoded string lacks a colon, the code may operate wit...
ntop <= 3.3.10 Basic Authentication Null Pointer Denial of Service
Title: ntop = 3.3.10 Basic Authentication Null Pointer Denial of Service --------------------------------------------------------------------------------- Vendor: ntop Vendor URL: www.ntop.org Vendor Response: None Description: A denial of service condition can be reached by specifying an invalid...
ntop 3.3.10 Denial Of Service
Title: ntop = sizeoftheHttpUser usersizeoftheHttpUser-1 = '\0'; . . . Affected Operating Systems: Only tested on Linux Affected Versions: ntop = 3.3.10 CVE: CVE-2009-2732 Credit: Brad Antoniewicz [email protected] code: START modules/auxiliary/dos/http/ntopbasic.rb...