Description

ntopng before 4.2 has an authentication bypass vulnerability. An attacker can bypass the webserver's authentication with a specially crafted HTTP request.

Remediation

Upgrade to the latest version of ntopng

References

ntopng multiple vulnerabilities

ntopng

Related Vulnerabilities

WordPress Plugin Deeper Comments Security Bypass (2.1.1)

Joomla! Core 3.x.x Security Bypass (3.8.0 - 3.9.3)

WordPress Plugin Email Subscribers by Icegram Express-Email Marketing, Newsletters, Automation for WordPress & WooCommerce Security Bypass (4.5.5)

WordPress Plugin Booking Calendar-Appointment Booking-BookIt Security Bypass (2.3.7)

WordPress Plugin PublishPress Future: Automatically Unpublish WordPress Posts Security Bypass (2.5.1)

Severity

High

Classification

CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Authentication Bypass