CVE-2015-8368

Опубликовано: 17 дек. 2015

Источник: debian

Описание

ntopng (aka ntop) before 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/password_reset.lua.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
ntopng	fixed	2.2+dfsg1-1		package
ntopng	no-dsa		jessie	package

Примечания

fixed upstream in 2.2
https://www.exploit-db.com/exploits/38836/
https://github.com/ntop/ntopng/commit/2e0620be3410f5e22c9aa47e261bc5a12be692c6

Связанные уязвимости

CVE-2015-8368

ubuntu

около 10 лет назад

ntopng (aka ntop) before 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/password_reset.lua.

CVE-2015-8368

nvd

около 10 лет назад

ntopng (aka ntop) before 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/password_reset.lua.

GHSA-h398-48h8-5rg7

github

больше 3 лет назад

ntopng (aka ntop) before 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/password_reset.lua.