CVE-2009-2732
Published: 21 August 2009
The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an Authorization HTTP header that lacks a : (colon) character in the base64-decoded string.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
ntop Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
| hardy |
Ignored
(end of life)
|
|
| intrepid |
Ignored
(end of life, was needed)
|
|
| jaunty |
Ignored
(end of life)
|
|
| karmic |
Ignored
(end of life)
|
|
| lucid |
Not vulnerable
(3:3.3-12)
|
|
| maverick |
Not vulnerable
(3:3.3-12)
|
|
| natty |
Not vulnerable
(3:3.3-12)
|
|
| oneiric |
Not vulnerable
(3:3.3-12)
|
|
| upstream |
Needs triage
|