2 matches found
MGASA-2021-0019 Updated cherokee packages fix security vulnerability
Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereference. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mishandled during a cherokee_buffer_add call with...
MGASA-2015-0181 Updated cherokee packages fix CVE-2014-4668
Updated cherokee packages fix security vulnerability: The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty...