cherokee vulnerabilities and exploits
5
CVSSv2
CVE-2009-4489
header.c in Cherokee prior to 0.99.32 writes data to a log file without sanitizing non-printable characters, which might allow remote malicious users to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an esca...
Cherokee-project Cherokee
1 EDB exploit
5
CVSSv2
CVE-2020-12845
Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to NULL pointer dereferences. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mishandled during a cherokee_b...
Cherokee-project Cherokee
6
CVSSv2
CVE-2019-20798
An XSS issue exists in handler_server_info.c in Cherokee up to and including 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its administrator panel. The XSS in the administrator panel can be used to reconfig...
Cherokee-project Cherokee
5
CVSSv2
CVE-2019-20799
In Cherokee up to and including 1.2.104, multiple memory corruption errors may be used by a remote malicious user to destabilize the work of a server.
Cherokee-project Cherokee
5
CVSSv2
CVE-2009-4587
Cherokee Web Server 0.5.4 allows remote malicious users to cause a denial of service (daemon crash) via an MS-DOS reserved word in a URI, as demonstrated by the AUX reserved word.
Cherokee Cherokee 0.5.4
1 EDB exploit
4.6
CVSSv2
CVE-2004-1946
Format string vulnerability in the PRINT_ERROR function in common.c for Cherokee Web Server 0.4.16 and previous versions allows local users to execute arbitrary code via format string specifiers in the -C command line argument. NOTE: it is not clear whether this issue could be ex...
Cherokee Cherokee Httpd 0.4.16
5
CVSSv2
CVE-2019-1010218
Cherokee Web Server up to version 1.2.103 (current stable) is affected by: Buffer Overflow - CWE-120. The impact is: Crash. The component is: Main cherokee command. The attack vector is: Overwrite argv[0] to an insane length with execl. The fixed version ...
Cherokee-project Cherokee Web Server
3 Github repositories
5
CVSSv2
CVE-2009-3902
Directory traversal vulnerability in Cherokee Web Server 0.5.4 and previous versions for Windows allows remote malicious users to read arbitrary files via a /\.. (slash backslash dot dot) in the URL.
Cherokee Cherokee Httpd 0.5.4
1 EDB exploit
5
CVSSv2
CVE-2009-4495
Yaws 1.85 writes data to a log file without sanitizing non-printable characters, which might allow remote malicious users to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal e...
Yaws Yaws 1.85
1 EDB exploit
5
CVSSv2
CVE-2003-0083
Apache 1.3 prior to 1.3.25 and Apache 2.0 before version 2.0.46 do not filter terminal escape sequences from their access logs, which could make it easier for malicious users to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences,...
Apache Http Server