Format string vulnerability in the cherokee_logger_ncsa_write_string function in Cherokee 0.4.17 and previous versions, when authenticating via auth_pam, allows remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in the URL.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cherokee cherokee httpd 0.1.6 |
||
cherokee cherokee httpd 0.2 |
||
cherokee cherokee httpd 0.1 |
||
cherokee cherokee httpd 0.1.5 |
||
cherokee cherokee httpd 0.4.6 |
||
cherokee cherokee httpd 0.4.7 |
||
cherokee cherokee httpd 0.4.8 |
||
cherokee cherokee httpd 0.2.7 |
||
cherokee cherokee httpd 0.4.17 |
||
cherokee cherokee httpd 0.2.5 |
||
cherokee cherokee httpd 0.2.6 |