CVE-2009-2732
Published: 21 August 2009
The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an Authorization HTTP header that lacks a : (colon) character in the base64-decoded string.
Priority
Status
Package | Release | Status |
---|---|---|
ntop Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
hardy |
Ignored
(end of life)
|
|
intrepid |
Ignored
(end of life, was needed)
|
|
jaunty |
Ignored
(end of life)
|
|
karmic |
Ignored
(end of life)
|
|
lucid |
Not vulnerable
(3:3.3-12)
|
|
maverick |
Not vulnerable
(3:3.3-12)
|
|
natty |
Not vulnerable
(3:3.3-12)
|
|
oneiric |
Not vulnerable
(3:3.3-12)
|
|
upstream |
Needs triage
|