CVE-2002-0412
Published Aug 12, 2002
Last updated 8 years ago
Overview
- Description
- Format string vulnerability in TraceEvent function for ntop before 2.1 allows remote attackers to execute arbitrary code by causing format strings to be injected into calls to the syslog function, via (1) an HTTP GET request, (2) a user name in HTTP authentication, or (3) a password in HTTP authentication.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:luca_deri:ntop:2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ECBA05AB-4CB0-4B94-AFB6-D220F55D5E1D"
}
],
"operator": "OR"
}
]
}
]