Denial of Service in ntop Affected by Improper HTTP Authentication
CVE-2009-2732

Currently unrated

Key Information:

Vendor

Ntop

Status
Vendor
CVE Published:
21 August 2009

What is CVE-2009-2732?

The checkHTTPpassword function in ntop versions 3.3.10 and earlier is susceptible to a denial of service attack. The flaw is triggered by an Authorization HTTP header whose base64-decoded string contains no colon. Processing such a header leads to a NULL pointer dereference, which crashes the ntop daemon. Remote attackers can use this flaw to disrupt the service, affecting availability for legitimate users.
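The defensive check this bug class calls for, as an added example (not ntop's source code and not the vendor's patch): a hypothetical helper, `split_basic_credentials`, that splits an already base64-decoded `user:password` string and rejects input with no colon instead of dereferencing a NULL pointer. The function name, buffer sizes and sample strings are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (not ntop source). `decoded` is assumed to be the
 * NUL-terminated result of base64-decoding the credentials carried in the
 * Authorization header. Returns 0 on success, -1 if the request must be
 * rejected as malformed. */
int split_basic_credentials(const char *decoded,
                            char *user, size_t user_sz,
                            char *pass, size_t pass_sz)
{
    const char *sep;
    size_t ulen, plen;

    if (decoded == NULL || user == NULL || pass == NULL ||
        user_sz == 0 || pass_sz == 0)
        return -1;
    user[0] = pass[0] = '\0';        /* never leave stale output behind */

    /* strchr() returns NULL when there is no ':' in the string.
     * Dereferencing that result unchecked is the class of bug described
     * above, so the missing-colon case is an explicit error path. */
    sep = strchr(decoded, ':');
    if (sep == NULL)
        return -1;

    ulen = (size_t)(sep - decoded);
    plen = strlen(sep + 1);          /* password may itself contain ':' */
    if (ulen >= user_sz || plen >= pass_sz)
        return -1;                   /* reject rather than truncate */

    memcpy(user, decoded, ulen);
    user[ulen] = '\0';
    memcpy(pass, sep + 1, plen + 1); /* copies the terminating NUL too */
    return 0;
}

int main(void)
{
    char u[32], p[32];
    /* Constructed inputs: one well-formed, one missing the colon. */
    int ok  = split_basic_credentials("admin:secret", u, sizeof u, p, sizeof p);
    int bad = split_basic_credentials("adminsecret", u, sizeof u, p, sizeof p);
    return (ok == 0 && bad == -1) ? 0 : 1;
}
```

A caller should treat the `-1` return as a failed authentication and answer with an HTTP 401 rather than continuing to process the request.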

EPSS Score

5% chance of being exploited in the next 30 days.
