Lucene search
K

6 matches found

seebug.org
seebug.org
added 2014/07/01 12:0 a.m.18 views

ntop 3.3.10 HTTP Basic Authentication NULL Pointer Dereference Denial Of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/36074/info The 'ntop' tool is prone to a denial-of-service vulnerability because of a NULL-pointer dereference that occurs when crafted HTTP Basic Authentication credentials are received by the embedded webserver. An...

5CVSS6.5AI score0.07273EPSS
Exploits5
OpenVAS
OpenVAS
added 2009/08/23 12:0 a.m.20 views

ntop HTTP Basic Authentication NULL Pointer Dereference Denial Of Service Vulnerability

The SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ntop:ntop"; ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.100255";...

5CVSS6.5AI score0.07273EPSS
Exploits5References3
seebug.org
seebug.org
added 2009/08/21 12:0 a.m.22 views

ntop认证头空指针引用拒绝服务漏洞

CVECAN ID: CVE-2009-2732 ntop是一个用来监视和分析unix系统网络使用状况的工具。 ntop在解析Basic认证的HTTP头时存在空指针应用漏洞。在接收到认证报文后ntop会base64解码值,然后基于冒号进行拆分。如果解码的字符串中不存在冒号,就会对用户名使用默认的NULL值。由于在认证过程中使用strlen计算用户名的长度,在处理到空的值时会触发分段错误。以下是有漏洞的代码段: static int checkHTTPpasswordchar theRequestedURL, int theRequestedURLLen UNUSED, char theP...

5CVSS0.5AI score0.07273EPSS
Exploits5
CVE
CVE
added 2009/08/20 10:0 p.m.59 views

CVE-2009-2732

Summary (CVE-2009-2732): ntop versions up to 3.3.10 are affected. The issue lies in the HTTP Basic Authorization handling in the embedded webserver: the checkHTTPpassword routine decodes the Authorization header, splits on a colon, and if the decoded string lacks a colon, the code may operate wit...

5CVSS6.5AI score0.07273EPSS
Exploits5References5Affected Software1
securityvulns
securityvulns
added 2009/08/18 12:0 a.m.69 views

ntop <= 3.3.10 Basic Authentication Null Pointer Denial of Service

Title: ntop = 3.3.10 Basic Authentication Null Pointer Denial of Service --------------------------------------------------------------------------------- Vendor: ntop Vendor URL: www.ntop.org Vendor Response: None Description: A denial of service condition can be reached by specifying an invalid...

5CVSS0.07273EPSS
Exploits5
Packet Storm
Packet Storm
added 2009/08/18 12:0 a.m.38 views

ntop 3.3.10 Denial Of Service

Title: ntop = sizeoftheHttpUser usersizeoftheHttpUser-1 = '\0'; . . . Affected Operating Systems: Only tested on Linux Affected Versions: ntop = 3.3.10 CVE: CVE-2009-2732 Credit: Brad Antoniewicz [email protected] code: START modules/auxiliary/dos/http/ntopbasic.rb...

5CVSS6.5AI score0.07273EPSS
Exploits5
Rows per page
Query Builder