Lucene search
K

232 matches found

RedhatCVE
RedhatCVE
added 2022/05/20 10:25 p.m.27 views

CVE-2019-20798

An XSS issue was discovered in handlerserverinfo.c in Cherokee through 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its administrator panel. The XSS in the administrator panel can be used to reconfigure the server and...

8.4CVSS3.2AI score0.01654EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.20 views

Mageia: Security Advisory (MGASA-2021-0019)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.8AI score0.03204EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.14 views

Mageia: Security Advisory (MGASA-2015-0181)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS6.7AI score0.02844EPSS
Exploits0References4
OSV
OSV
added 2021/01/10 7:46 p.m.8 views

MGASA-2021-0019 Updated cherokee packages fix security vulnerability

Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereferences. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mishandled during a cherokeebufferadd call with...

7.5CVSS7.5AI score0.03204EPSS
Exploits1References2
Mageia
Mageia
added 2021/01/10 7:46 p.m.38 views

Updated cherokee packages fix security vulnerability

Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereferences. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mishandled during a cherokeebufferadd call with...

7.5CVSS1.4AI score0.03204EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2020/12/24 12:0 a.m.42 views

GLSA-202012-09 : Cherokee: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202012-09 Cherokee: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Cherokee. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for...

9.8CVSS7.5AI score0.06643EPSS
Exploits5References6
Gentoo Linux
Gentoo Linux
added 2020/12/23 12:0 a.m.109 views

Cherokee: Multiple vulnerabilities

Background Cherokee is an extra-light web server. Description Multiple vulnerabilities have been discovered in Cherokee. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this...

9.8CVSS2.5AI score0.06643EPSS
Exploits5
Malwarebytes
Malwarebytes
added 2020/09/28 3:45 p.m.32 views

Lock and Code S1Ep16: Investigating digital vulnerabilities with Samy Kamkar

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Samy Kamkar, chief security officer and co-founder of Open Path, about the digital vulnerabilities in our physical world. If you look through a recent...

0.2AI score
Exploits0
OpenVAS
OpenVAS
added 2020/07/29 12:0 a.m.19 views

Cherokee Web Server 0.4.27 <= 1.2.104 DoS Vulnerability

Cherokee Web Server is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5CVSS7.5AI score0.03204EPSS
Exploits1References4
CNVD
CNVD
added 2020/07/28 12:0 a.m.5 views

Cherokee Code Issue Vulnerability

Cherokee is an open source web server. A security vulnerability exists in Cherokee versions 0.4.27 through 1.2.104. A remote attacker can exploit this vulnerability to cause the server to crash denial of service with a specially crafted HTTP request...

7.5CVSS6.9AI score0.03204EPSS
Exploits1References1
OSV
OSV
added 2020/07/27 11:15 p.m.13 views

CVE-2020-12845

Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereferences. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mishandled during a cherokeebufferadd call with...

7.5CVSS7AI score
Exploits0References4
NVD
NVD
added 2020/07/27 11:15 p.m.22 views

CVE-2020-12845

Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereferences. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mishandled during a cherokeebufferadd call with...

7.5CVSS7.5AI score0.03204EPSS
Exploits1References4
Prion
Prion
added 2020/07/27 11:15 p.m.15 views

Null pointer dereference

Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereferences. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mishandled during a cherokeebufferadd call with...

5CVSS7.6AI score0.03204EPSS
Exploits1References4Affected Software1
UbuntuCve
UbuntuCve
added 2020/07/27 11:15 p.m.29 views

CVE-2020-12845

Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereferences. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mishandled during a cherokeebufferadd call with...

7.5CVSS7.1AI score0.03204EPSS
Exploits1References4
Cvelist
Cvelist
added 2020/07/27 10:56 p.m.24 views

CVE-2020-12845

Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereferences. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mishandled during a cherokeebufferadd call with...

7.5AI score0.03204EPSS
Exploits1References4
CVE
CVE
added 2020/07/27 10:56 p.m.113 views

CVE-2020-12845

Cherokee CVE-2020-12845: versions 0.4.27–1.2.104 are affected by a denial-of-service caused by a NULL-pointer dereference when handling a malformed Authorization header during cherokee_validator_parse_basic/digest. This allows remote unauthenticated attackers to crash the server. Mitigation: upda...

7.5CVSS7.4AI score0.03204EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2020/07/27 12:0 a.m.3 views

PT-2020-13290 · Alvaro Lopez Ortega · Cherokee

Name of the Vulnerable Software and Affected Versions: Cherokee versions 0.4.27 through 1.2.104 Description: The issue is a denial of service caused by NULL pointer dereferences. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a...

7.5CVSS7.4AI score0.03204EPSS
Exploits1References11
OpenVAS
OpenVAS
added 2020/05/20 12:0 a.m.14 views

Cherokee Web Server Detection (HTTP)

HTTP based detection of the Cherokee Web Server. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.8AI score
Exploits0References1
NVD
NVD
added 2020/05/18 12:15 a.m.25 views

CVE-2019-20798

An XSS issue was discovered in handlerserverinfo.c in Cherokee through 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its administrator panel. The XSS in the administrator panel can be used to reconfigure the server and...

8.4CVSS8.2AI score0.01654EPSS
Exploits1References3
NVD
NVD
added 2020/05/18 12:15 a.m.23 views

CVE-2019-20799

In Cherokee through 1.2.104, multiple memory corruption errors may be used by a remote attacker to destabilize the work of a server...

7.5CVSS7.7AI score0.02355EPSS
Exploits1References6
Rows per page
Query Builder