Vulmon
cherokee vulnerabilities and exploits
445
VMScore
CVE-2019-20799
In Cherokee up to and including 1.2.104, multiple memory corruption errors may be used by a remote malicious user to destabilize the work of a server.
Cherokee-project Cherokee
668
VMScore
CVE-2019-20800
In Cherokee up to and including 1.2.104, remote attackers can trigger an out-of-bounds write in cherokee_handler_cgi_add_env_pair in handler_cgi.c by sending many request headers, as demonstrated by a GET request with many "Host: 127.0.0.1" headers.
Cherokee-project Cherokee
505
VMScore
CVE-2009-4489
header.c in Cherokee prior to 0.99.32 writes data to a log file without sanitizing non-printable characters, which might allow remote malicious users to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an esca...
Cherokee-project Cherokee
1 EDB exploit
505
VMScore
CVE-2009-4587
Cherokee Web Server 0.5.4 allows remote malicious users to cause a denial of service (daemon crash) via an MS-DOS reserved word in a URI, as demonstrated by the AUX reserved word.
Cherokee Cherokee 0.5.4
1 EDB exploit
534
VMScore
CVE-2019-20798
An XSS issue exists in handler_server_info.c in Cherokee up to and including 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its administrator panel. The XSS in the administrator panel can be used to reconfig...
Cherokee-project Cherokee
409
VMScore
CVE-2004-1946
Format string vulnerability in the PRINT_ERROR function in common.c for Cherokee Web Server 0.4.16 and previous versions allows local users to execute arbitrary code via format string specifiers in the -C command line argument. NOTE: it is not clear whether this issue could be ex...
Cherokee Cherokee Httpd 0.4.16
446
VMScore
CVE-2019-1010218
Cherokee Web Server up to version 1.2.103 (current stable) is affected by: Buffer Overflow - CWE-120. The impact is: Crash. The component is: Main cherokee command. The attack vector is: Overwrite argv[0] to an insane length with execl. The fixed version ...
Cherokee-project Cherokee Web Server
4 Github repositories
505
VMScore
CVE-2009-3902
Directory traversal vulnerability in Cherokee Web Server 0.5.4 and previous versions for Windows allows remote malicious users to read arbitrary files via a /\.. (slash backslash dot dot) in the URL.
Cherokee Cherokee Httpd 0.5.4
1 EDB exploit
445
VMScore
CVE-2003-0083
Apache 1.3 prior to 1.3.25 and Apache 2.0 before version 2.0.46 do not filter terminal escape sequences from their access logs, which could make it easier for malicious users to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences,...
Apache Http Server
505
VMScore
CVE-2009-4495
Yaws 1.85 writes data to a log file without sanitizing non-printable characters, which might allow remote malicious users to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal e...
Yaws Yaws 1.85
1 EDB exploit