nessus | This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof. | CHEROKEE_0_4_17.NASL
History: Nov 03, 2004 - 12:00 a.m.

Cherokee Web Server auth_pam Authentication Format String

2004-11-03 00:00:00
This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
46

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.018

Percentile

88.1%

The remote host is running Cherokee - a fast and tiny web server.

The remote version of this software is vulnerable to a format string attack when processing authentication requests using auth_pam. This could allow a remote attacker to cause a denial of service, or potentially execute arbitrary code.

#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");


# Registration pass: when the scanner loads the plugin with `description`
# set, only the metadata below is recorded and the script exits before any
# network activity takes place.
if (description)
{
  # Plugin identity and advisory cross-references.
  script_id(15617);
  script_version("1.19");
  script_cve_id("CVE-2004-1097");
  script_bugtraq_id(11574);
  script_name(english:"Cherokee Web Server auth_pam Authentication Format String");
  script_summary(english:"Checks for version of Cherokee");

  # Report text presented with the finding.
  script_set_attribute(attribute:"synopsis", value:"The remote web server has a format string vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote host is running Cherokee - a fast and tiny web server.

The remote version of this software is vulnerable to a format string
attack when processing authentication requests using auth_pam.  This
could allow a remote attacker to cause a denial of service, or
potentially execute arbitrary code.");
  script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=67667");
  script_set_attribute(attribute:"solution", value:"Upgrade to Cherokee 0.4.17.1 or later.");

  # Scoring and exploitability metadata.
  # NOTE(review): this base vector rates impact as partial (C:P/I:P/A:P),
  # while the CVSS2 panel published next to this listing shows
  # C:C/I:C/A:C. Confirm which figure drives prioritisation.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # Dates and plugin type.
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/11/03");
  script_set_attribute(attribute:"vuln_publication_date", value:"2004/10/15");
  script_cvs_date("Date: 2018/11/15 20:50:25");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  # ACT_GATHER_INFO: the plugin is registered as an information-gathering
  # check.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Scheduling: run after service discovery and HTTP version detection.
  # NOTE(review): 443 is listed as the required port, whereas the check
  # itself calls get_http_port(default:80). Confirm this is intended.
  script_dependencie("find_service1.nasl", "http_version.nasl");
  script_require_ports("Services/www", 443);
  exit(0);
}

#
# The script code starts here
#
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

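# Banner-only version check: read the HTTP Server header and report the
# host when it advertises a Cherokee release up to and including 0.4.17
# (the solution text names 0.4.17.1 as the first fixed release).
#
# Caveats for whoever triages the finding:
#  - The result rests entirely on the advertised version string. A
#    suppressed or altered banner hides an affected host, and a
#    distribution package with a backported fix may still be reported.
#  - Nothing here checks whether auth_pam is actually enabled, so confirm
#    the server configuration before treating the finding as exploitable.
port = get_http_port(default:80);
banner = get_http_banner(port:port);
if (!banner) exit(0);

# No Server header means there is nothing to compare against.
serv = strstr(banner, "Server");
if (!serv) exit(0);

# Version match:
#   0.0.x - 0.3.x : every release on these branches predates the fix.
#   0.4.0 - 0.4.17: the trailing [^0-9.] stops 0.4.18+ and 0.4.17.1 from
#                   matching.
# The original pattern applied the [^0-9.] boundary to the "0.[0-3]."
# branch as well. The character after that dot is normally a digit, so
# 0.0.x - 0.3.x servers were never reported.
if (ereg(pattern:"^Server:.*Cherokee/0\.([0-3]\.[0-9]|4\.([0-9]|1[0-7])[^0-9.])", string:serv))
{
  security_hole(port);
}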

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.018

Percentile

88.1%
