3 matches found
Cherokee remote command execution
The remote version of Cherokee is vulnerable to remote command execution due to a lack of web requests sanitization, especially shell metacharacters. Additionally, this version fails to drop root privileges after it binds to listen port. SPDX-FileCopyrightText: 2004 David Maciejak Some text...
Cherokee remote command execution
The remote host is running Cherokee - a fast and tiny web server. The remote version of this software is vulnerable to remote command execution due to a lack of web requests sanitization, especially shell metacharacters. Additionally, this version fails to drop root privileges after it binds to...
CVE-2001-1433
The CVE-2001-1433 entry concerns Cherokee web server before 0.2.7. The core issue is twofold: (1) after binding to port 80 it does not properly drop root privileges, creating a risk that a remote attacker could gain privileges, and (2) the remote version is vulnerable to remote command execution ...