Lucene search
Cherokee directory traversal flaw
🗓️ 03 Nov 2005 00:00:00Reported by This script is Copyright (C) 2004 David MaciejakType 
openvas🔗 plugins.openvas.org👁 20 Views
The remote host is running Cherokee web server which is vulnerable to a directory traversal flaw allowing remote attackers to browse any file on the server with root privileges. The version fails to drop root privileges after it binds to listen port
Show more
| Reporter | Title | Published | Views | Family All 5 |
|---|---|---|---|---|
 | CVE-2001-1432 | 24 Mar 200505:00 | – | cvelist |
 | CVE-2001-1432 | 24 Mar 200505:00 | – | cve |
| Cherokee directory traversal flaw | 3 Nov 200500:00 | – | openvas |
 | CVE-2001-1432 | 29 Dec 200105:00 | – | nvd |
 | Cherokee Web Server URI Traversal Arbitrary File Access | 4 Nov 200400:00 | – | nessus |
# OpenVAS Vulnerability Test
# $Id: cherokee_dir_traversal.nasl 8023 2017-12-07 08:36:26Z teissa $
# Description: Cherokee directory traversal flaw
#
# Authors:
# David Maciejak <david dot maciejak at kyxar dot fr>
# based on work from (C) Tenable Network Security
#
# Copyright:
# Copyright (C) 2004 David Maciejak
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
tag_summary = "The remote host is running Cherokee - a fast and tiny web server.
The remote version of this software is vulnerable to directory
traversal flaw when appending a '../' sequence to the web request.
Additionally, this version fails to drop root privileges after it binds
to listen port.
Remote attacker can then submit specially crafted web request to
browse any file on the server with root privileges.";
tag_solution = "Upgrade to Cherokee 0.2.8 or newer";
# Ref: GOBBLES advisory on December 29th, 2001.
if(description)
{
script_id(15621);
script_version("$Revision: 8023 $");
script_tag(name:"last_modification", value:"$Date: 2017-12-07 09:36:26 +0100 (Thu, 07 Dec 2017) $");
script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
script_tag(name:"cvss_base", value:"7.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:N/A:N");
script_cve_id("CVE-2001-1432");
script_bugtraq_id(3772);
name = "Cherokee directory traversal flaw";
script_name(name);
script_category(ACT_GATHER_INFO);
script_tag(name:"qod_type", value:"remote_banner");
script_copyright("This script is Copyright (C) 2004 David Maciejak");
family = "Gain a shell remotely";
script_family(family);
script_dependencies("gb_get_http_banner.nasl");
script_mandatory_keys("Cherokee/banner");
script_require_ports("Services/www", 443);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
exit(0);
}
#
# The script code starts here
#
include("http_func.inc");
port = get_http_port(default:80);
if(!get_port_state(port))exit(0);
banner = get_http_banner(port: port);
if(!banner)exit(0);
serv = strstr(banner, "Server");
if(ereg(pattern:"^Server:.*Cherokee/0\.([01]\.|2\.[0-7])[^0-9]", string:serv))
{
security_message(port);
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo03 Nov 2005 00:00Current
0.9Low risk
Vulners AI Score0.9
EPSS0.0057