Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cherokee-project cherokee vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2019-20800
In Cherokee up to and including 1.2.104, remote attackers can trigger an out-of-bounds write in cherokee_handler_cgi_add_env_pair in handler_cgi.c by sending many request headers, as demonstrated by a GET request with many "Host: 127.0.0.1" headers.
Cherokee-project Cherokee
6.8
CVSSv2
CVE-2014-4668
The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and previous versions, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote malicious users to bypass authentication via an empty password.
Fedoraproject Fedora 21
Fedoraproject Fedora 20
Fedoraproject Fedora 22
Mageia Project Mageia 4
Cherokee-project Cherokee 1.2.98
Cherokee-project Cherokee 1.2.2
Cherokee-project Cherokee 1.2.101
Cherokee-project Cherokee 1.2.99
Cherokee-project Cherokee
Cherokee-project Cherokee 1.2.102
6.8
CVSSv2
CVE-2011-2191
Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee prior to 1.2.99 allows remote malicious users to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, as demonstrated by a crafted nickname field to...
Cherokee-project Cherokee 1.0.0
Cherokee-project Cherokee 1.0.1
Cherokee-project Cherokee 1.0.8
Cherokee-project Cherokee 1.0.9
Cherokee-project Cherokee 1.0.16
Cherokee-project Cherokee 1.0.17
Cherokee-project Cherokee 1.0.18
Cherokee-project Cherokee 0.99.4
Cherokee-project Cherokee 0.99.5
Cherokee-project Cherokee 0.99.12
Cherokee-project Cherokee 0.99.13
Cherokee-project Cherokee 0.99.20
Cherokee-project Cherokee 0.99.21
Cherokee-project Cherokee 0.99.22
Cherokee-project Cherokee 0.99.29
Cherokee-project Cherokee 0.99.30
Cherokee-project Cherokee 0.99.37
Cherokee-project Cherokee 0.99.38
Cherokee-project Cherokee 0.99.46
Cherokee-project Cherokee 0.99.47
Cherokee-project Cherokee 0.11.2
Cherokee-project Cherokee 0.11.3
6
CVSSv2
CVE-2019-20798
An XSS issue exists in handler_server_info.c in Cherokee up to and including 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its administrator panel. The XSS in the administrator panel can be used to reconfig...
Cherokee-project Cherokee
5
CVSSv2
CVE-2020-12845
Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereferences. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mishandled during a cherokee_b...
Cherokee-project Cherokee
5
CVSSv2
CVE-2019-20799
In Cherokee up to and including 1.2.104, multiple memory corruption errors may be used by a remote malicious user to destabilize the work of a server.
Cherokee-project Cherokee
5
CVSSv2
CVE-2019-1010218
Cherokee Webserver Latest Cherokee Web server Upto Version 1.2.103 (Current stable) is affected by: Buffer Overflow - CWE-120. The impact is: Crash. The component is: Main cherokee command. The attack vector is: Overwrite argv[0] to an insane length with execl. The fixed version ...
Cherokee-project Cherokee Web Server
3 Github repositories
5
CVSSv2
CVE-2009-4489
header.c in Cherokee prior to 0.99.32 writes data to a log file without sanitizing non-printable characters, which might allow remote malicious users to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an esca...
Cherokee-project Cherokee
1 EDB exploit
2.1
CVSSv2
CVE-2011-2190
The generate_admin_password function in Cherokee prior to 1.2.99 uses time and PID values for seeding of a random number generator, which makes it easier for local users to determine admin passwords via a brute-force attack.
Cherokee-project Cherokee 1.2.0
Cherokee-project Cherokee 1.0.1
Cherokee-project Cherokee 1.0.8
Cherokee-project Cherokee 1.0.10
Cherokee-project Cherokee 1.0.17
Cherokee-project Cherokee 1.0.19
Cherokee-project Cherokee 0.99.3
Cherokee-project Cherokee 0.99.5
Cherokee-project Cherokee 0.99.12
Cherokee-project Cherokee 0.99.14
Cherokee-project Cherokee 0.99.21
Cherokee-project Cherokee 0.99.23
Cherokee-project Cherokee 0.99.28
Cherokee-project Cherokee 0.99.30
Cherokee-project Cherokee 0.99.37
Cherokee-project Cherokee 0.99.39
Cherokee-project Cherokee 0.99.46
Cherokee-project Cherokee 0.99.48
Cherokee-project Cherokee 0.11.1
Cherokee-project Cherokee 0.11.3
Cherokee-project Cherokee 0.9.1
Cherokee-project Cherokee 0.9.3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started