232 matches found
CVE-2019-20800
In Cherokee through 1.2.104, remote attackers can trigger an out-of-bounds write in cherokeehandlercgiaddenvpair in handlercgi.c by sending many request headers, as demonstrated by a GET request with many "Host: 127.0.0.1" headers...
CVE-2019-20799
In Cherokee through 1.2.104, multiple memory corruption errors may be used by a remote attacker to destabilize the work of a server...
CVE-2019-20800
In Cherokee through 1.2.104, remote attackers can trigger an out-of-bounds write in cherokeehandlercgiaddenvpair in handlercgi.c by sending many request headers, as demonstrated by a GET request with many "Host: 127.0.0.1" headers...
CVE-2019-20798
An XSS issue was discovered in handlerserverinfo.c in Cherokee through 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its administrator panel. The XSS in the administrator panel can be used to reconfigure the server and...
Memory corruption
In Cherokee through 1.2.104, multiple memory corruption errors may be used by a remote attacker to destabilize the work of a server...
Out-of-bounds
In Cherokee through 1.2.104, remote attackers can trigger an out-of-bounds write in cherokeehandlercgiaddenvpair in handlercgi.c by sending many request headers, as demonstrated by a GET request with many "Host: 127.0.0.1" headers...
Default configuration
An XSS issue was discovered in handlerserverinfo.c in Cherokee through 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its administrator panel. The XSS in the administrator panel can be used to reconfigure the server and...
Cherokee Buffer Error Vulnerability (CNVD-2020-30452)
Cherokee is an open source web server. A security vulnerability exists in Cherokee 1.2.104 and earlier versions. A remote attacker can exploit this vulnerability to destabilize the operation of the server memory corruption...
Cherokee Cross-Site Scripting Vulnerability
Cherokee is an open source web server. A cross-site scripting vulnerability exists in the handlerserverinfo.c file in Cherokee 1.2.104 and earlier versions, which stems from a requested URL not being displayed correctly on the About page. An attacker can use this vulnerability to reconfigure the...
Cherokee Buffer Overflow Vulnerability
Cherokee is an open source web server. A buffer overflow vulnerability exists in the cherokeehandlercgiaddenvpair of the handlercgi.c file in Cherokee 1.2.104 and earlier versions. The vulnerability stems from a network system or product performing operations in memory without properly validating...
CVE-2019-20798
An XSS issue was discovered in handlerserverinfo.c in Cherokee through 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its administrator panel. The XSS in the administrator panel can be used to reconfigure the server and...
CVE-2019-20798
CVE-2019-20798 affects Cherokee web server versions 1.2.104 and earlier. The issue is an XSS in the handler_server_info.c module that causes the About page to display the requested URL incorrectly in the default configuration, enabling an attacker in the administrator panel to reconfigure the ser...
CVE-2019-20799
Summary of CVE-2019-20799 (Cherokee) : Cherokee web server up to version 1.2.104 has multiple memory corruption vulnerabilities that can be exploited remotely to destabilize the server. Affected component is the Cherokee web server itself; the root cause is memory corruption within the server pro...
CVE-2019-20799
In Cherokee through 1.2.104, multiple memory corruption errors may be used by a remote attacker to destabilize the work of a server...
CVE-2019-20800
CVE-2019-20800 affects Cherokee up to version 1.2.104. A remote attacker can trigger an out-of-bounds write in cherokee_handler_cgi_add_env_pair (handler_cgi.c) by sending a large number of request headers, as shown by a GET with many Host: 127.0.0.1 headers. Documents confirm the flaw exists acr...
CVE-2019-20800
In Cherokee through 1.2.104, remote attackers can trigger an out-of-bounds write in cherokeehandlercgiaddenvpair in handlercgi.c by sending many request headers, as demonstrated by a GET request with many "Host: 127.0.0.1" headers...
PT-2020-10770 · Cherokee · Cherokee
Name of the Vulnerable Software and Affected Versions: Cherokee versions 1.2.104 and earlier Description: The issue allows remote attackers to trigger an out-of-bounds write in cherokee handler cgi add env pair in handler cgi.c by sending many request headers, as demonstrated by a GET request wit...
Cherokee Web Server Buffer Overflow Vulnerability
Cherokee Web Server is a web server for highly concurrent web applications. A buffer overflow vulnerability exists in Cherokee Web Server versions 1.2.103 and earlier. The vulnerability originates when a web system or product performs an operation in memory without properly validating data...
CVE-2019-1010218
Cherokee Webserver Latest Cherokee Web server Upto Version 1.2.103 Current stable is affected by: Buffer Overflow - CWE-120. The impact is: Crash. The component is: Main cherokee command. The attack vector is: Overwrite argv0 to an insane length with execl. The fixed version is: There's no fix ye...
CVE-2019-1010218
Cherokee Webserver Latest Cherokee Web server Upto Version 1.2.103 Current stable is affected by: Buffer Overflow - CWE-120. The impact is: Crash. The component is: Main cherokee command. The attack vector is: Overwrite argv0 to an insane length with execl. The fixed version is: There's no fix ye...