Lucene search
K

232 matches found

NVD
NVD
added 2020/05/18 12:15 a.m.32 views

CVE-2019-20800

In Cherokee through 1.2.104, remote attackers can trigger an out-of-bounds write in cherokeehandlercgiaddenvpair in handlercgi.c by sending many request headers, as demonstrated by a GET request with many "Host: 127.0.0.1" headers...

9.8CVSS9.5AI score0.02148EPSS
Exploits1References3
OSV
OSV
added 2020/05/18 12:15 a.m.16 views

CVE-2019-20799

In Cherokee through 1.2.104, multiple memory corruption errors may be used by a remote attacker to destabilize the work of a server...

7.5CVSS7.1AI score
Exploits0References6
OSV
OSV
added 2020/05/18 12:15 a.m.21 views

CVE-2019-20800

In Cherokee through 1.2.104, remote attackers can trigger an out-of-bounds write in cherokeehandlercgiaddenvpair in handlercgi.c by sending many request headers, as demonstrated by a GET request with many "Host: 127.0.0.1" headers...

9.8CVSS7AI score
Exploits0References3
OSV
OSV
added 2020/05/18 12:15 a.m.20 views

CVE-2019-20798

An XSS issue was discovered in handlerserverinfo.c in Cherokee through 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its administrator panel. The XSS in the administrator panel can be used to reconfigure the server and...

8.4CVSS6.4AI score
Exploits0References3
Prion
Prion
added 2020/05/18 12:15 a.m.17 views

Memory corruption

In Cherokee through 1.2.104, multiple memory corruption errors may be used by a remote attacker to destabilize the work of a server...

5CVSS8.1AI score0.02355EPSS
Exploits1References6Affected Software1
Prion
Prion
added 2020/05/18 12:15 a.m.25 views

Out-of-bounds

In Cherokee through 1.2.104, remote attackers can trigger an out-of-bounds write in cherokeehandlercgiaddenvpair in handlercgi.c by sending many request headers, as demonstrated by a GET request with many "Host: 127.0.0.1" headers...

7.5CVSS9.5AI score0.02148EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2020/05/18 12:15 a.m.20 views

Default configuration

An XSS issue was discovered in handlerserverinfo.c in Cherokee through 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its administrator panel. The XSS in the administrator panel can be used to reconfigure the server and...

6CVSS8.8AI score0.01654EPSS
Exploits1References3Affected Software1
CNVD
CNVD
added 2020/05/18 12:0 a.m.3 views

Cherokee Buffer Error Vulnerability (CNVD-2020-30452)

Cherokee is an open source web server. A security vulnerability exists in Cherokee 1.2.104 and earlier versions. A remote attacker can exploit this vulnerability to destabilize the operation of the server memory corruption...

7.5CVSS6.9AI score0.02355EPSS
Exploits1References1
CNVD
CNVD
added 2020/05/18 12:0 a.m.4 views

Cherokee Cross-Site Scripting Vulnerability

Cherokee is an open source web server. A cross-site scripting vulnerability exists in the handlerserverinfo.c file in Cherokee 1.2.104 and earlier versions, which stems from a requested URL not being displayed correctly on the About page. An attacker can use this vulnerability to reconfigure the...

8.4CVSS6.6AI score0.01654EPSS
Exploits1References1
CNVD
CNVD
added 2020/05/18 12:0 a.m.4 views

Cherokee Buffer Overflow Vulnerability

Cherokee is an open source web server. A buffer overflow vulnerability exists in the cherokeehandlercgiaddenvpair of the handlercgi.c file in Cherokee 1.2.104 and earlier versions. The vulnerability stems from a network system or product performing operations in memory without properly validating...

9.8CVSS7.3AI score0.02148EPSS
Exploits1References1
Cvelist
Cvelist
added 2020/05/17 11:6 p.m.29 views

CVE-2019-20798

An XSS issue was discovered in handlerserverinfo.c in Cherokee through 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its administrator panel. The XSS in the administrator panel can be used to reconfigure the server and...

9.1AI score0.01654EPSS
Exploits1References3
CVE
CVE
added 2020/05/17 11:6 p.m.91 views

CVE-2019-20798

CVE-2019-20798 affects Cherokee web server versions 1.2.104 and earlier. The issue is an XSS in the handler_server_info.c module that causes the About page to display the requested URL incorrectly in the default configuration, enabling an attacker in the administrator panel to reconfigure the ser...

8.4CVSS8.1AI score0.01654EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2020/05/17 11:6 p.m.90 views

CVE-2019-20799

Summary of CVE-2019-20799 (Cherokee) : Cherokee web server up to version 1.2.104 has multiple memory corruption vulnerabilities that can be exploited remotely to destabilize the server. Affected component is the Cherokee web server itself; the root cause is memory corruption within the server pro...

7.5CVSS8.1AI score0.02355EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2020/05/17 11:6 p.m.20 views

CVE-2019-20799

In Cherokee through 1.2.104, multiple memory corruption errors may be used by a remote attacker to destabilize the work of a server...

8.8AI score0.02355EPSS
Exploits1References6
CVE
CVE
added 2020/05/17 11:5 p.m.128 views

CVE-2019-20800

CVE-2019-20800 affects Cherokee up to version 1.2.104. A remote attacker can trigger an out-of-bounds write in cherokee_handler_cgi_add_env_pair (handler_cgi.c) by sending a large number of request headers, as shown by a GET with many Host: 127.0.0.1 headers. Documents confirm the flaw exists acr...

9.8CVSS9.4AI score0.02148EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2020/05/17 11:5 p.m.36 views

CVE-2019-20800

In Cherokee through 1.2.104, remote attackers can trigger an out-of-bounds write in cherokeehandlercgiaddenvpair in handlercgi.c by sending many request headers, as demonstrated by a GET request with many "Host: 127.0.0.1" headers...

9.6AI score0.02148EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2020/05/17 12:0 a.m.6 views

PT-2020-10770 · Cherokee · Cherokee

Name of the Vulnerable Software and Affected Versions: Cherokee versions 1.2.104 and earlier Description: The issue allows remote attackers to trigger an out-of-bounds write in cherokee handler cgi add env pair in handler cgi.c by sending many request headers, as demonstrated by a GET request wit...

9.8CVSS9.3AI score0.02148EPSS
Exploits1References9
CNVD
CNVD
added 2019/07/24 12:0 a.m.2 views

Cherokee Web Server Buffer Overflow Vulnerability

Cherokee Web Server is a web server for highly concurrent web applications. A buffer overflow vulnerability exists in Cherokee Web Server versions 1.2.103 and earlier. The vulnerability originates when a web system or product performs an operation in memory without properly validating data...

7.5CVSS7.3AI score0.01341EPSS
Exploits1References1
NVD
NVD
added 2019/07/22 6:15 p.m.20 views

CVE-2019-1010218

Cherokee Webserver Latest Cherokee Web server Upto Version 1.2.103 Current stable is affected by: Buffer Overflow - CWE-120. The impact is: Crash. The component is: Main cherokee command. The attack vector is: Overwrite argv0 to an insane length with execl. The fixed version is: There's no fix ye...

7.5CVSS7.6AI score0.01341EPSS
Exploits1References1
OSV
OSV
added 2019/07/22 6:15 p.m.14 views

CVE-2019-1010218

Cherokee Webserver Latest Cherokee Web server Upto Version 1.2.103 Current stable is affected by: Buffer Overflow - CWE-120. The impact is: Crash. The component is: Main cherokee command. The attack vector is: Overwrite argv0 to an insane length with execl. The fixed version is: There's no fix ye...

7.5CVSS6.9AI score
Exploits0References1
Rows per page
Query Builder