Format string vulnerability in TraceEvent function for ntop before 2.1 allows remote attackers to execute arbitrary code by causing format strings to be injected into calls to the syslog function, via (1) an HTTP GET request, (2) a user name in HTTP authentication, or (3) a password in HTTP authentication.
References
Configurations
History
No history.
Information
Published : 2002-08-12 04:00
Updated : 2024-02-28 10:24
NVD link : CVE-2002-0412
Mitre link : CVE-2002-0412
CVE.ORG link : CVE-2002-0412
JSON object : View
Products Affected
luca_deri
- ntop
CWE