CVE-2009-2732
published 2009-08-21
CVE-2009-2732: The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon…
Priority: P4, 26, medium; CVSS 2.0 score: 5
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 7.27% (93.6th percentile)
The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an Authorization HTTP header that lacks a : (colon) character in the base64-decoded string.
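The failure mode described above, shown from the defensive side as an added example (not ntop's code): a Basic credential parser that treats a decoded string without a colon as malformed instead of dereferencing the failed search result. The names `parse_basic_auth` and `b64_decode`, the buffer sizes, and the sample header values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added example: decode base64 `in` into `out` (capacity `cap`).
 * Returns the decoded length, or -1 on a bad character or overflow. */
static int b64_decode(const char *in, char *out, size_t cap) {
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    unsigned int acc = 0;
    int bits = 0;
    size_t n = 0;
    for (; *in != '\0' && *in != '='; in++) {
        const char *p = strchr(tbl, *in);
        if (p == NULL || n + 1 >= cap) return -1;
        acc = (acc << 6) | (unsigned int)(p - tbl);
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            out[n++] = (char)((acc >> bits) & 0xFF);
        }
    }
    out[n] = '\0';
    return (int)n;
}

/* Split an Authorization header value into user and password.
 * Returns 0 on success, -1 on any malformed input (answer 401, keep running). */
int parse_basic_auth(const char *value, char *user, size_t ulen,
                     char *pw, size_t plen) {
    char dec[256];
    if (value == NULL || strncmp(value, "Basic ", 6) != 0) return -1;
    int n = b64_decode(value + 6, dec, sizeof dec);
    if (n < 0 || memchr(dec, '\0', (size_t)n) != NULL) return -1;
    char *colon = memchr(dec, ':', (size_t)n);
    if (colon == NULL) return -1;   /* no ':' in the decoded string: reject */
    *colon = '\0';                  /* only written after the NULL check */
    if (strlen(dec) >= ulen || strlen(colon + 1) >= plen) return -1;
    strcpy(user, dec);
    strcpy(pw, colon + 1);
    return 0;
}

int main(void) {
    char u[64], p[64];
    /* Constructed samples: "user:pass" and "userpass" (no colon). */
    printf("%d\n", parse_basic_auth("Basic dXNlcjpwYXNz", u, sizeof u, p, sizeof p));
    printf("%d\n", parse_basic_auth("Basic dXNlcnBhc3M=", u, sizeof u, p, sizeof p));
    return 0;
}
```

The scheme comparison is case-sensitive here for brevity; the point is that every lookup result is checked before it is written through.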
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ntop | ntop | <= 3.3.10 | — |
CVSS provenance
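| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| vendor_redhat | | 5.0 | MEDIUM | |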
Red Hat
ntop: NULL pointer dereference by HTTP Basic Authentication (DoS)
vendor_redhat·2009-08-08·CVSS 5.0
CVE-2009-2732 [MEDIUM] CWE-476 ntop: NULL pointer dereference by HTTP Basic Authentication (DoS)
The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an Authorization HTTP header that lacks a : (colon) character in the base64-decoded string.
GHSA
GHSA-h3h4-v8x5-4h4j: The checkHTTPpassword function in http
ghsa_unreviewed·2022-05-02
CVE-2009-2732 [MEDIUM] CWE-119 GHSA-h3h4-v8x5-4h4j: The checkHTTPpassword function in http
The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an Authorization HTTP header that lacks a : (colon) character in the base64-decoded string.
No detection rules found.
http://secunia.com/advisories/36403
http://www.mandriva.com/security/advisories?name=MDVSA-2010:181
http://www.securityfocus.com/archive/1/505862/100/0/threaded
http://www.securityfocus.com/archive/1/505876/100/0/threaded
http://www.vupen.com/english/advisories/2009/2317
2009-08-21
Published