232 matches found
CVE-2019-20798
An XSS issue was discovered in handlerserverinfo.c in Cherokee through 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its administrator panel. The XSS in the administrator panel can be used to reconfigure the server and...
Mageia: Security Advisory (MGASA-2021-0019)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2015-0181)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2021-0019 Updated cherokee packages fix security vulnerability
Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereferences. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mishandled during a cherokeebufferadd call with...
Updated cherokee packages fix security vulnerability
Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereferences. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mishandled during a cherokeebufferadd call with...
GLSA-202012-09 : Cherokee: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202012-09 Cherokee: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Cherokee. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for...
Cherokee: Multiple vulnerabilities
Background Cherokee is an extra-light web server. Description Multiple vulnerabilities have been discovered in Cherokee. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this...
Lock and Code S1Ep16: Investigating digital vulnerabilities with Samy Kamkar
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Samy Kamkar, chief security officer and co-founder of Open Path, about the digital vulnerabilities in our physical world. If you look through a recent...
Cherokee Web Server 0.4.27 <= 1.2.104 DoS Vulnerability
Cherokee Web Server is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Cherokee Code Issue Vulnerability
Cherokee is an open source web server. A security vulnerability exists in Cherokee versions 0.4.27 through 1.2.104. A remote attacker can exploit this vulnerability to cause the server to crash denial of service with a specially crafted HTTP request...
CVE-2020-12845
Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereferences. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mishandled during a cherokeebufferadd call with...
CVE-2020-12845
Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereferences. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mishandled during a cherokeebufferadd call with...
Null pointer dereference
Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereferences. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mishandled during a cherokeebufferadd call with...
CVE-2020-12845
Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereferences. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mishandled during a cherokeebufferadd call with...
CVE-2020-12845
Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereferences. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mishandled during a cherokeebufferadd call with...
CVE-2020-12845
Cherokee CVE-2020-12845: versions 0.4.27–1.2.104 are affected by a denial-of-service caused by a NULL-pointer dereference when handling a malformed Authorization header during cherokee_validator_parse_basic/digest. This allows remote unauthenticated attackers to crash the server. Mitigation: upda...
PT-2020-13290 · Alvaro Lopez Ortega · Cherokee
Name of the Vulnerable Software and Affected Versions: Cherokee versions 0.4.27 through 1.2.104 Description: The issue is a denial of service caused by NULL pointer dereferences. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a...
Cherokee Web Server Detection (HTTP)
HTTP based detection of the Cherokee Web Server. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2019-20798
An XSS issue was discovered in handlerserverinfo.c in Cherokee through 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its administrator panel. The XSS in the administrator panel can be used to reconfigure the server and...
CVE-2019-20799
In Cherokee through 1.2.104, multiple memory corruption errors may be used by a remote attacker to destabilize the work of a server...