Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cherokee vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-20800
In Cherokee up to and including 1.2.104, remote attackers can trigger an out-of-bounds write in cherokee_handler_cgi_add_env_pair in handler_cgi.c by sending many request headers, as demonstrated by a GET request with many "Host: 127.0.0.1" headers.
Cherokee-project Cherokee
7.5
CVSSv3
CVE-2020-12845
Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereferences. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mishandled during a cherokee_b...
Cherokee-project Cherokee
NA
CVE-2009-4587
Cherokee Web Server 0.5.4 allows remote malicious users to cause a denial of service (daemon crash) via an MS-DOS reserved word in a URI, as demonstrated by the AUX reserved word.
Cherokee Cherokee 0.5.4
1 EDB exploit
NA
CVE-2009-4489
header.c in Cherokee prior to 0.99.32 writes data to a log file without sanitizing non-printable characters, which might allow remote malicious users to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an esca...
Cherokee-project Cherokee
1 EDB exploit
8.4
CVSSv3
CVE-2019-20798
An XSS issue exists in handler_server_info.c in Cherokee up to and including 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its administrator panel. The XSS in the administrator panel can be used to reconfig...
Cherokee-project Cherokee
NA
CVE-2004-1946
Format string vulnerability in the PRINT_ERROR function in common.c for Cherokee Web Server 0.4.16 and previous versions allows local users to execute arbitrary code via format string specifiers in the -C command line argument. NOTE: it is not clear whether this issue could be ex...
Cherokee Cherokee Httpd 0.4.16
7.5
CVSSv3
CVE-2019-1010218
Cherokee Webserver Latest Cherokee Web server Upto Version 1.2.103 (Current stable) is affected by: Buffer Overflow - CWE-120. The impact is: Crash. The component is: Main cherokee command. The attack vector is: Overwrite argv[0] to an insane length with execl. The fixed version ...
Cherokee-project Cherokee Web Server
3 Github repositories
NA
CVE-2009-3902
Directory traversal vulnerability in Cherokee Web Server 0.5.4 and previous versions for Windows allows remote malicious users to read arbitrary files via a /\.. (slash backslash dot dot) in the URL.
Cherokee Cherokee Httpd 0.5.4
1 EDB exploit
NA
CVE-2003-0083
Apache 1.3 prior to 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for malicious users to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences,...
Apache Http Server
NA
CVE-2009-4495
Yaws 1.85 writes data to a log file without sanitizing non-printable characters, which might allow remote malicious users to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal e...
Yaws Yaws 1.85
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »