Summary
Detail | |||
---|---|---|---|
Vendor | Ntop | First view | 2009-08-21 |
Product | Ntop | Last view | 2014-06-16 |
Version | - | Type | Application |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:ntop:ntop |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
4.3 | 2014-06-16 | CVE-2014-4165 | Cross-site scripting (XSS) vulnerability in ntop allows remote attackers to inject arbitrary web script or HTML via the title parameter in a list action to plugins/rrdPlugin. |
5 | 2009-08-21 | CVE-2009-2732 | The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an Authorization HTTP header that lacks a : (colon) character in the base64-decoded string. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
50% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
50% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
57167 | ntop http.c checkHTTPpassword() Function Basic Authentication Request NULL De... |
ExploitDB Exploits
id | Description |
---|---|
33176 | ntop 3.3.10 HTTP Basic Authentication NULL Pointer Dereference Denial Of Serv... |
OpenVAS Exploits
id | Description |
---|---|
2009-08-23 | Name : ntop HTTP Basic Authentication NULL Pointer Dereference Denial Of Service Vul... File : nvt/ntop_36074.nasl |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2015-04-30 | Name: The remote Mandriva Linux host is missing a security update. File: mandriva_MDVSA-2015-216.nasl - Type: ACT_GATHER_INFO |
2015-04-17 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2015-309.nasl - Type: ACT_GATHER_INFO |