The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an Authorization HTTP header that lacks a : (colon) character in the base64-decoded string.
References
Configurations
History
No history.
Information
Published : 2009-08-21 11:02
Updated : 2018-10-10 19:42
NVD link : CVE-2009-2732
Mitre link : CVE-2009-2732
CVE.ORG link : CVE-2009-2732
JSON object : View
Products Affected
ntop
- ntop
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer