VDB
CVE-2009-2732
CVE-2009-2732
PUBLISHED
CVSS 5 MEDIUM
The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an Authorization HTTP header that lacks a : (colon) character in the base64-decoded string.
EPSS 5.59% · 90.5th percentile
Risk Scores
CVSS 2.0
5
EPSS Score
5.59%
90.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ntop | ntop | 0 |
| n/a | n/a | n/a |
Timeline
- Aug 18, 2009 PoC Published
- Aug 20, 2009 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- 36403 third-party-advisory
- 20090818 ntop <= 3.3.10 Basic Authentication Null Pointer Denial of Service mailing-list
- 20090818 (Reposting truncated message) Re: ntop <= 3.3.10 Basic Authentication Null Pointer Denial of Service mailing-list
- ADV-2009-2317 vdb
- MDVSA-2010:181 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2009-2732 advisory