Lucene search
HistoryJan 10, 2005 - 5:00 a.m.
CVE-2004-1097
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
7.9
Confidence
High
EPSS
0.018
Percentile
88.1%
Format string vulnerability in the cherokee_logger_ncsa_write_string function in Cherokee 0.4.17 and earlier, when authenticating via auth_pam, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in the URL.
Affected configurations
Node
cherokeecherokee_httpdMatch0.1
ORcherokeecherokee_httpdMatch0.1.5
ORcherokeecherokee_httpdMatch0.1.6
ORcherokeecherokee_httpdMatch0.2
ORcherokeecherokee_httpdMatch0.2.5
ORcherokeecherokee_httpdMatch0.2.6
ORcherokeecherokee_httpdMatch0.2.7
ORcherokeecherokee_httpdMatch0.4.6
ORcherokeecherokee_httpdMatch0.4.7
ORcherokeecherokee_httpdMatch0.4.8
ORcherokeecherokee_httpdMatch0.4.17
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cherokee | cherokee_httpd | 0.1 | cpe:2.3:a:cherokee:cherokee_httpd:0.1:*:*:*:*:*:*:* |
| cherokee | cherokee_httpd | 0.1.5 | cpe:2.3:a:cherokee:cherokee_httpd:0.1.5:*:*:*:*:*:*:* |
| cherokee | cherokee_httpd | 0.1.6 | cpe:2.3:a:cherokee:cherokee_httpd:0.1.6:*:*:*:*:*:*:* |
| cherokee | cherokee_httpd | 0.2 | cpe:2.3:a:cherokee:cherokee_httpd:0.2:*:*:*:*:*:*:* |
| cherokee | cherokee_httpd | 0.2.5 | cpe:2.3:a:cherokee:cherokee_httpd:0.2.5:*:*:*:*:*:*:* |
| cherokee | cherokee_httpd | 0.2.6 | cpe:2.3:a:cherokee:cherokee_httpd:0.2.6:*:*:*:*:*:*:* |
| cherokee | cherokee_httpd | 0.2.7 | cpe:2.3:a:cherokee:cherokee_httpd:0.2.7:*:*:*:*:*:*:* |
| cherokee | cherokee_httpd | 0.4.6 | cpe:2.3:a:cherokee:cherokee_httpd:0.4.6:*:*:*:*:*:*:* |
| cherokee | cherokee_httpd | 0.4.7 | cpe:2.3:a:cherokee:cherokee_httpd:0.4.7:*:*:*:*:*:*:* |
| cherokee | cherokee_httpd | 0.4.8 | cpe:2.3:a:cherokee:cherokee_httpd:0.4.8:*:*:*:*:*:*:* |
Related
gentoo
gentoo
Cherokee: Format string vulnerability
2004-11-01 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200411-02 (cherokee)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200411-02 (cherokee)
2008-09-24 00:00:00
cvelist
cvelist
CVE-2004-1097
2004-12-01 05:00:00
nessus
nessus
GLSA-200411-02 : Cherokee: Format string vulnerability
2004-11-02 00:00:00
Cherokee Web Server auth_pam Authentication Format String
2004-11-03 00:00:00
cve
cve
CVE-2004-1097
2005-01-10 05:00:00
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
7.9
Confidence
High
EPSS
0.018
Percentile
88.1%
Related for NVD:CVE-2004-1097