Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:NTOP-BASIC-AUTHORIZATION |
|---|---|
Severity |
Minor |
Recommended |
No |
Category |
HTTP |
Keywords |
ntop Basic Authorization Denial of Service |
Release Date |
2012/11/11 |
Update Number |
2202 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: ntop Basic Authorization Denial of Service
This signature detects attempts to exploit a known vulnerability in ntop basic Authorization. This could lead to a Denial of Service condition.
Extended Description
The 'ntop' tool is prone to a denial-of-service vulnerability because of a NULL-pointer dereference that occurs when crafted HTTP Basic Authentication credentials are received by the embedded webserver. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. This issue affects ntop 3.3.10; other versions may also be affected.
Affected Products
- Luca_deri ntop 3.1.0
- Luca_deri ntop 3.2.0
- Mandriva corporate_server 4.0
- Mandriva corporate_server 4.0.0 X86 64
- Ntop ntop 3.3.10
- Ntop ntop 3.3.9
References
- BugTraq: 36074
- CVE: CVE-2009-2732