CVE-2009-2732
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2009-2732
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an Authorization HTTP header that lacks a : (colon) character in the base64-decoded string.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
ntop认证头空指针引用拒绝服务漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
ntop是一套网络流量监控工具。该工具支持自动从网络中识别有用的信息、将截获的数据包转换成易于识别的格式和对网络环境中通信失败的情况进行分析等。 ntop在解析Basic认证的HTTP头时存在空指针应用漏洞。在接收到认证报文后ntop会base64解码值,然后基于冒号进行拆分。如果解码的字符串中不存在冒号,就会对用户名使用默认的NULL值。由于在认证过程中使用strlen()计算用户名的长度,在处理到空的值时会触发分段错误。以下是有漏洞的代码段: static int checkHTTPpassword(
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2009-2732
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2009-2732
请登录查看更多情报信息。
Same Patch Batch · n/a · 2009-08-20 · 22 CVEs total
| CVE-2009-2891 | phpscriptsnow riddles 'list.php' SQL注入漏洞 | |
| CVE-2009-2914 | xzeroscripts xzero_community_classifieds 'index.php' 上传文件名导致跨站脚本攻击漏洞 | |
| CVE-2009-2913 | xzeroscripts xzero_community_classifieds 'index.php' 借助URL跨站脚本攻击漏洞 | |
| CVE-2009-2912 | sun solaris 未明漏洞 | |
| CVE-2009-2694 | Pidgin Libpurple库msn_slplink_process_msg()函数内存破坏漏洞 | |
| CVE-2009-0638 | Cisco防火墙服务模块ICMP消息拒绝服务漏洞 | |
| CVE-2009-2896 | Kde KMPlayer .srt文件处理缓冲区溢出漏洞 | |
| CVE-2009-2895 | phpsugar ultimate_regnow_affiliate 'rss.php' SQL注入漏洞 | |
| CVE-2009-2894 | clone2009 ebay_clone SQL注入漏洞 | |
| CVE-2009-2893 | XZeroScripts XZero Community Classifieds 'index.php'多个跨站脚本攻击漏洞 | |
| CVE-2009-2892 | Scripteen Free Image Hosting Script 'header.php' 多个SQL注入漏洞 | |
| CVE-2009-2881 | artis.imag basilic 'index.php' SQL注入漏洞 | |
| CVE-2009-2890 | phpscriptsnow riddles 'results.php' 跨站脚本攻击漏洞 | |
| CVE-2009-2889 | phpscriptsnow hangman 'index.php' 跨站脚本攻击漏洞 | |
| CVE-2009-2888 | phpscriptsnow hangman 'index.php' SQL注入漏洞 | |
| CVE-2009-2887 | PHP Scripts Now President Bios 'bios.php'跨站脚本攻击漏洞 | |
| CVE-2009-2886 | phpscriptsnow president_bios SQL注入漏洞 | |
| CVE-2009-2885 | PHP Scripts Now World's Tallest Buildings 'bios.php' SQL注入漏洞 | |
| CVE-2009-2884 | phpscriptsnow world%27s_tallest_buildings 跨站脚本攻击漏洞 | |
| CVE-2009-2883 | Arabless SaphpLesson 'admin/login.php' SQL注入漏洞 |
Showing top 20 of 22 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8276
bettercap MySQL Server mysql_server.go integer coercion - CVE-2026-8275
bettercap zerogod IPP Service zerogod_ipp_primitives.go ippR - CVE-2026-8270
Open5GS SMF ogs_nas_parse_qos_rules denial of service - CVE-2026-8269
Open5GS SMF smf_nsmf_handle_create_sm_context denial of serv - CVE-2026-8268
Open5GS SMF OpenAPI_list_create denial of service
V. Comments for CVE-2009-2732
No comments yet