Vulnerabilities related to cherokee-project - cherokee
CVE-2020-12845 (GCVE-0-2020-12845)
Vulnerability from cvelistv5
Published
2020-07-27 22:56
Modified
2024-08-04 12:04
CWE
- n/a
Summary
Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to NULL pointer dereferences. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mishandled during a cherokee_buffer_add call within cherokee_validator_parse_basic or cherokee_validator_parse_digest.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:04:22.885Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/cherokee/webserver/releases" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://cherokee-project.com/downloads.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/cherokee/webserver/issues/1242" }, { "name": "GLSA-202012-09", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202012-09" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereferences. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mishandled during a cherokee_buffer_add call within cherokee_validator_parse_basic or cherokee_validator_parse_digest." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-23T21:06:17", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/cherokee/webserver/releases" }, { "tags": [ "x_refsource_MISC" ], "url": "http://cherokee-project.com/downloads.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/cherokee/webserver/issues/1242" }, { "name": "GLSA-202012-09", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202012-09" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-12845", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereferences. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mishandled during a cherokee_buffer_add call within cherokee_validator_parse_basic or cherokee_validator_parse_digest." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/cherokee/webserver/releases", "refsource": "MISC", "url": "https://github.com/cherokee/webserver/releases" }, { "name": "http://cherokee-project.com/downloads.html", "refsource": "MISC", "url": "http://cherokee-project.com/downloads.html" }, { "name": "https://github.com/cherokee/webserver/issues/1242", "refsource": "MISC", "url": "https://github.com/cherokee/webserver/issues/1242" }, { "name": "GLSA-202012-09", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202012-09" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-12845", "datePublished": "2020-07-27T22:56:01", "dateReserved": "2020-05-14T00:00:00", "dateUpdated": "2024-08-04T12:04:22.885Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-2190 (GCVE-0-2011-2190)
Vulnerability from cvelistv5
Published
2011-10-07 01:00
Modified
2024-08-06 22:53
CWE
- n/a
Summary
The generate_admin_password function in Cherokee before 1.2.99 uses time and PID values for seeding of a random number generator, which makes it easier for local users to determine admin passwords via a brute-force attack.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:53:17.228Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "49772", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/49772" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://code.google.com/p/cherokee/issues/detail?id=1212" }, { "name": "FEDORA-2011-12698", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066222.html" }, { "name": "[oss-security] 20110603 Re: CVE Request -- Cherokee -- server admin vulnerable to csrf", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/03/4" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.cherokee-project.com/download/LATEST_is_1.2.99/cherokee-1.2.99.tar.gz" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=713304" }, { "name": "[oss-security] 20110606 Re: CVE Request -- Cherokee -- server admin vulnerable to csrf", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/06/21" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The generate_admin_password function in Cherokee before 1.2.99 uses time and PID values for seeding of a random number generator, which makes it easier for local users to determine admin passwords via a brute-force attack." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-10-07T01:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "49772", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/49772" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://code.google.com/p/cherokee/issues/detail?id=1212" }, { "name": "FEDORA-2011-12698", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066222.html" }, { "name": "[oss-security] 20110603 Re: CVE Request -- Cherokee -- server admin vulnerable to csrf", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/03/4" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.cherokee-project.com/download/LATEST_is_1.2.99/cherokee-1.2.99.tar.gz" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=713304" }, { "name": "[oss-security] 20110606 Re: CVE Request -- Cherokee -- server admin vulnerable to csrf", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/06/21" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-2190", "datePublished": "2011-10-07T01:00:00Z", "dateReserved": "2011-05-31T00:00:00Z", "dateUpdated": "2024-08-06T22:53:17.228Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-20800 (GCVE-0-2019-20800)
Vulnerability from cvelistv5
Published
2020-05-17 23:05
Modified
2024-08-05 02:53
CWE
- n/a
Summary
In Cherokee through 1.2.104, remote attackers can trigger an out-of-bounds write in cherokee_handler_cgi_add_env_pair in handler_cgi.c by sending many request headers, as demonstrated by a GET request with many "Host: 127.0.0.1" headers.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T02:53:09.169Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://logicaltrust.net/blog/2019/11/cherokee.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/cherokee/webserver/issues/1224" }, { "name": "GLSA-202012-09", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202012-09" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Cherokee through 1.2.104, remote attackers can trigger an out-of-bounds write in cherokee_handler_cgi_add_env_pair in handler_cgi.c by sending many request headers, as demonstrated by a GET request with many \"Host: 127.0.0.1\" headers." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-23T21:06:15", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://logicaltrust.net/blog/2019/11/cherokee.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/cherokee/webserver/issues/1224" }, { "name": "GLSA-202012-09", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202012-09" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-20800", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Cherokee through 1.2.104, remote attackers can trigger an out-of-bounds write in cherokee_handler_cgi_add_env_pair in handler_cgi.c by sending many request headers, as demonstrated by a GET request with many \"Host: 127.0.0.1\" headers." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://logicaltrust.net/blog/2019/11/cherokee.html", "refsource": "MISC", "url": "https://logicaltrust.net/blog/2019/11/cherokee.html" }, { "name": "https://github.com/cherokee/webserver/issues/1224", "refsource": "MISC", "url": "https://github.com/cherokee/webserver/issues/1224" }, { "name": "GLSA-202012-09", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202012-09" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-20800", "datePublished": "2020-05-17T23:05:45", "dateReserved": "2020-05-17T00:00:00", "dateUpdated": "2024-08-05T02:53:09.169Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-2191 (GCVE-0-2011-2191)
Vulnerability from cvelistv5
Published
2011-10-07 01:00
Modified
2024-08-06 22:53
CWE
- n/a
Summary
Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee before 1.2.99 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, as demonstrated by a crafted nickname field to vserver/apply.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:53:17.430Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "49772", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/49772" }, { "name": "20110601 cherokee server admin vulnerable to csrf", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2011/Jun/0" }, { "name": "[oss-security] 20110606 Re: Security issue in cherokee", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/06/22" }, { "name": "FEDORA-2011-12698", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066222.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://launchpad.net/bugs/784632" }, { "name": "[oss-security] 20110602 CVE Request -- Cherokee -- server admin vulnerable to csrf", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/02/2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.cherokee-project.com/download/LATEST_is_1.2.99/cherokee-1.2.99.tar.gz" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=713304" }, { "name": "[oss-security] 20110603 Security issue in cherokee", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/03/6" }, { "name": "72693", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/72693" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": 
"2011-06-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee before 1.2.99 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, as demonstrated by a crafted nickname field to vserver/apply." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-11-24T10:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "49772", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/49772" }, { "name": "20110601 cherokee server admin vulnerable to csrf", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2011/Jun/0" }, { "name": "[oss-security] 20110606 Re: Security issue in cherokee", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/06/22" }, { "name": "FEDORA-2011-12698", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066222.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://launchpad.net/bugs/784632" }, { "name": "[oss-security] 20110602 CVE Request -- Cherokee -- server admin vulnerable to csrf", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/02/2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.cherokee-project.com/download/LATEST_is_1.2.99/cherokee-1.2.99.tar.gz" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=713304" }, { "name": "[oss-security] 20110603 Security issue in cherokee", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/03/6" }, { "name": "72693", "tags": 
[ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/72693" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-2191", "datePublished": "2011-10-07T01:00:00", "dateReserved": "2011-05-31T00:00:00", "dateUpdated": "2024-08-06T22:53:17.430Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-4489 (GCVE-0-2009-4489)
Vulnerability from cvelistv5
Published
2010-01-13 20:00
Modified
2024-08-07 07:01
CWE
- n/a
Summary
header.c in Cherokee before 0.99.32 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:01:20.661Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.cherokee-project.com/changeset/3944" }, { "name": "37933", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37933" }, { "name": "ADV-2010-0090", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0090" }, { "name": "37715", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37715" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.cherokee-project.com/changeset/3977" }, { "name": "20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/508830/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-01-10T00:00:00", "descriptions": [ { "lang": "en", "value": "header.c in Cherokee before 0.99.32 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window\u0027s title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.cherokee-project.com/changeset/3944" }, { "name": "37933", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37933" }, { "name": "ADV-2010-0090", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0090" }, { "name": "37715", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37715" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.cherokee-project.com/changeset/3977" }, { "name": "20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/508830/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4489", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "header.c in Cherokee before 0.99.32 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window\u0027s title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://svn.cherokee-project.com/changeset/3944", "refsource": "CONFIRM", "url": "http://svn.cherokee-project.com/changeset/3944" }, { "name": "37933", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37933" }, { "name": "ADV-2010-0090", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0090" }, { "name": "37715", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37715" }, { "name": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt", "refsource": "MISC", "url": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt" }, { "name": "http://svn.cherokee-project.com/changeset/3977", "refsource": "CONFIRM", "url": "http://svn.cherokee-project.com/changeset/3977" }, { "name": "20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/508830/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4489", "datePublished": "2010-01-13T20:00:00", "dateReserved": "2009-12-30T00:00:00", "dateUpdated": "2024-08-07T07:01:20.661Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-20799 (GCVE-0-2019-20799)
Vulnerability from cvelistv5
Published
2020-05-17 23:06
Modified
2024-08-05 02:53
CWE
- n/a
Summary
In Cherokee through 1.2.104, multiple memory corruption errors may be used by a remote attacker to destabilize the work of a server.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T02:53:09.079Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://logicaltrust.net/blog/2019/11/cherokee.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/cherokee/webserver/issues/1226" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/cherokee/webserver/issues/1225" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/cherokee/webserver/issues/1222" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/cherokee/webserver/issues/1221" }, { "name": "GLSA-202012-09", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202012-09" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Cherokee through 1.2.104, multiple memory corruption errors may be used by a remote attacker to destabilize the work of a server." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-23T21:06:18", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://logicaltrust.net/blog/2019/11/cherokee.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/cherokee/webserver/issues/1226" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/cherokee/webserver/issues/1225" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/cherokee/webserver/issues/1222" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/cherokee/webserver/issues/1221" }, { "name": "GLSA-202012-09", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202012-09" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-20799", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Cherokee through 1.2.104, multiple memory corruption errors may be used by a remote attacker to destabilize the work of a server." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://logicaltrust.net/blog/2019/11/cherokee.html", "refsource": "MISC", "url": "https://logicaltrust.net/blog/2019/11/cherokee.html" }, { "name": "https://github.com/cherokee/webserver/issues/1226", "refsource": "MISC", "url": "https://github.com/cherokee/webserver/issues/1226" }, { "name": "https://github.com/cherokee/webserver/issues/1225", "refsource": "MISC", "url": "https://github.com/cherokee/webserver/issues/1225" }, { "name": "https://github.com/cherokee/webserver/issues/1222", "refsource": "MISC", "url": "https://github.com/cherokee/webserver/issues/1222" }, { "name": "https://github.com/cherokee/webserver/issues/1221", "refsource": "MISC", "url": "https://github.com/cherokee/webserver/issues/1221" }, { "name": "GLSA-202012-09", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202012-09" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-20799", "datePublished": "2020-05-17T23:06:01", "dateReserved": "2020-05-17T00:00:00", "dateUpdated": "2024-08-05T02:53:09.079Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-20798 (GCVE-0-2019-20798)
Vulnerability from cvelistv5
Published
2020-05-17 23:06
Modified
2024-08-05 02:53
CWE
- n/a
Summary
An XSS issue was discovered in handler_server_info.c in Cherokee through 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its administrator panel. The XSS in the administrator panel can be used to reconfigure the server and execute arbitrary commands.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T02:53:09.173Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://logicaltrust.net/blog/2019/11/cherokee.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/cherokee/webserver/issues/1227" }, { "name": "GLSA-202012-09", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202012-09" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An XSS issue was discovered in handler_server_info.c in Cherokee through 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its administrator panel. The XSS in the administrator panel can be used to reconfigure the server and execute arbitrary commands." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-23T21:06:17", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://logicaltrust.net/blog/2019/11/cherokee.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/cherokee/webserver/issues/1227" }, { "name": "GLSA-202012-09", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202012-09" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-20798", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An XSS issue was discovered in handler_server_info.c in Cherokee through 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its administrator panel. The XSS in the administrator panel can be used to reconfigure the server and execute arbitrary commands." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://logicaltrust.net/blog/2019/11/cherokee.html", "refsource": "MISC", "url": "https://logicaltrust.net/blog/2019/11/cherokee.html" }, { "name": "https://github.com/cherokee/webserver/issues/1227", "refsource": "MISC", "url": "https://github.com/cherokee/webserver/issues/1227" }, { "name": "GLSA-202012-09", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202012-09" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-20798", "datePublished": "2020-05-17T23:06:16", "dateReserved": "2020-05-17T00:00:00", "dateUpdated": "2024-08-05T02:53:09.173Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-4668 (GCVE-0-2014-4668)
Vulnerability from cvelistv5
Published
2014-07-02 01:00
Modified
2024-08-06 11:27
CWE
- n/a
Summary
The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T11:27:35.278Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "68249", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/68249" }, { "name": "[oss-security] 20140628 Re: CVE request / advisory: Cherokee", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2014/06/28/7" }, { "name": "FEDORA-2015-6392", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156190.html" }, { "name": "MDVSA-2015:225", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:225" }, { "name": "FEDORA-2015-6279", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156162.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/cherokee/webserver/commit/fbda667221c51f0aa476a02366e0cf66cb012f88" }, { "name": "[oss-security] 20140628 CVE request / advisory: Cherokee", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2014/06/28/3" }, { "name": "FEDORA-2015-6194", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155776.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2015-0181.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-06-28T00:00:00", "descriptions": [ { "lang": "en", "value": "The 
cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-30T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "68249", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/68249" }, { "name": "[oss-security] 20140628 Re: CVE request / advisory: Cherokee", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2014/06/28/7" }, { "name": "FEDORA-2015-6392", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156190.html" }, { "name": "MDVSA-2015:225", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:225" }, { "name": "FEDORA-2015-6279", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156162.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/cherokee/webserver/commit/fbda667221c51f0aa476a02366e0cf66cb012f88" }, { "name": "[oss-security] 20140628 CVE request / advisory: Cherokee", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2014/06/28/3" }, { "name": "FEDORA-2015-6194", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155776.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2015-0181.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": 
"CVE-2014-4668", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "68249", "refsource": "BID", "url": "http://www.securityfocus.com/bid/68249" }, { "name": "[oss-security] 20140628 Re: CVE request / advisory: Cherokee", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2014/06/28/7" }, { "name": "FEDORA-2015-6392", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156190.html" }, { "name": "MDVSA-2015:225", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:225" }, { "name": "FEDORA-2015-6279", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156162.html" }, { "name": "https://github.com/cherokee/webserver/commit/fbda667221c51f0aa476a02366e0cf66cb012f88", "refsource": "CONFIRM", "url": "https://github.com/cherokee/webserver/commit/fbda667221c51f0aa476a02366e0cf66cb012f88" }, { "name": "[oss-security] 20140628 CVE request / advisory: Cherokee", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2014/06/28/3" }, { "name": "FEDORA-2015-6194", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155776.html" }, { "name": 
"http://advisories.mageia.org/MGASA-2015-0181.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2015-0181.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-4668", "datePublished": "2014-07-02T01:00:00", "dateReserved": "2014-06-26T00:00:00", "dateUpdated": "2024-08-06T11:27:35.278Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2011-10-07 02:51
Modified
2025-04-11 00:51
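Severity: 6.8 (Medium), CVSS v2 vector AV:N/AC:M/Au:N/C:P/I:P/A:P, user interaction required (source: nvd@nist.gov)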
Summary
Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee before 1.2.99 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, as demonstrated by a crafted nickname field to vserver/apply.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cherokee-project:cherokee:*:*:*:*:*:*:*:*", "matchCriteriaId": "674AD99A-45B9-426B-A0B4-D463D859E8BD", "versionEndIncluding": "1.2.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D72FF6B3-59AC-429A-9306-120BEF41BA21", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "7879BF5D-D188-45EC-8CF1-75F72FDD317F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "44992C96-B552-4A2B-A404-E3E595F54954", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "71040563-9485-4665-AC02-F82734F0876F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "5314F514-FF97-46CC-B3D4-6925933CAE98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "A060E8F5-CE34-4CD9-86BC-06C589D3B109", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "B420FEA6-8F72-4A37-816D-0D26667BFF94", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "A09D8EC8-5D8F-425B-8763-82BC2A53DA26", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "249E666A-5639-450D-B570-65B5E7A64F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "B2ED38E6-EFB2-40A4-9796-B3A6AEB967DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "BEEC5875-BC5D-4F4E-895E-C4BF82CEB16F", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:cherokee-project:cherokee:0.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "F8A63467-2332-47FE-A9BE-7C6471AB31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "24A159C8-AED3-4F78-83F0-7295A43BD6CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "1B22C65A-4F18-43DB-9306-F6E4004D0824", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "610B2E1F-3ABF-460F-86DC-7F1F27FB06A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "76F4808F-77EE-4242-BE4F-0ECC2725885B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "8CB06B8B-EE81-4C03-BBA8-DE672FB7B4FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "697BF6E4-FFDE-45B0-9BEC-F8C37E794CF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.17:*:*:*:*:*:*:*", "matchCriteriaId": "24EE0CC7-F388-4A28-8AC1-0D2C78936FDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.18:*:*:*:*:*:*:*", "matchCriteriaId": "0B3F4AC4-C123-430F-9B4E-3FF14CBB574F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.19:*:*:*:*:*:*:*", "matchCriteriaId": "B00661A6-62FB-4D41-9931-C5914A5D4704", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.20:*:*:*:*:*:*:*", "matchCriteriaId": "D97CFCBC-6257-4B00-BF5B-41525F9CC0CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.21:*:*:*:*:*:*:*", "matchCriteriaId": "48BD342E-8372-45A0-8001-88C6949396D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.22:*:*:*:*:*:*:*", "matchCriteriaId": "C0F3D30A-188A-4DD6-A27D-177C337BBF1E", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.23:*:*:*:*:*:*:*", "matchCriteriaId": "499882B7-8826-426A-A909-2972DB411950", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.24:*:*:*:*:*:*:*", "matchCriteriaId": "34D8CA76-0FB7-4558-9A80-853592B5BB3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.25:*:*:*:*:*:*:*", "matchCriteriaId": "E9C981CA-6CEA-4EDB-A47A-BC2F4CF5A90D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.26:*:*:*:*:*:*:*", "matchCriteriaId": "328299F2-4AFE-433D-839B-49FB76DC1693", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.27:*:*:*:*:*:*:*", "matchCriteriaId": "402A610A-E09C-4AD7-AD88-4840D273B43D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.28:*:*:*:*:*:*:*", "matchCriteriaId": "628AF17F-5134-4EC8-97BB-04380DB9B5D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.29:*:*:*:*:*:*:*", "matchCriteriaId": "09945325-5812-4827-8DF8-0AC59E5BF3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.30:*:*:*:*:*:*:*", "matchCriteriaId": "7ED47B2D-AA94-4902-A0A5-D4571F45DA98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "850FC8D1-A60B-4199-BD9A-E480C3DFCADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "F1299BA2-1590-46D8-AE07-304EA6F56181", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "0FC506D1-79F9-4215-A806-24225C3D6462", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "250A06CF-15A8-4602-BE8D-874C8D088396", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "BAE75B64-93A9-4472-96DD-6CB1E6B029D8", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "DF3ED1D9-9FC0-424F-B610-2E2617205FA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "710E366E-38B1-4A8A-A57F-B5589E117D03", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "7AE88E20-78C4-4315-81D4-ACD8616DFE1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "56BB3013-7508-42D1-8086-CEBE776747AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "411D69C9-2910-4458-BFA9-47319F58C01C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "37DF02A1-88B7-48D8-BFEE-1FD48C329278", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "BF08EF9D-57F6-4194-B853-CE3AB9FD0016", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "DF7B3905-185B-4AFD-85C7-CED8EDD94F02", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F70D80C-EEB1-4194-855C-D3715C99F2D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "3BF9F848-7CEE-4A33-8C35-86D13C9C41C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "722246E6-F6B1-4003-B496-9FA2DDCBFEBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "ABD47FBC-CCAF-43BB-8884-D4D15BFD89B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"A065352A-B0FE-4EBF-BF90-7242F5980D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "0B9F81E1-C73C-4362-914F-D74B030C9674", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "9172B4E8-F280-4EF7-B262-9B9DA8A83B4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "C32AF0C7-79BC-4670-ABD1-8B5B5BFC1C23", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "A2FD0D6D-F123-4E52-B5B3-167D34995A6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "DBFE8EFF-0A29-4B29-B49D-E5DD0ED99E8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "056A2B22-D824-45F6-92AD-500DB4C1E951", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "C0CF78CF-5447-478F-A346-676927752D38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "61BD126D-4CB5-40E5-A182-E74B1023E120", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "6BA588C6-7165-4D6D-81FF-9DE4794B5C68", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.11.6:*:*:*:*:*:*:*", "matchCriteriaId": "6155B076-59E2-449D-B8BE-8F3E942ADCAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.98.0:*:*:*:*:*:*:*", "matchCriteriaId": "86B1A879-C715-4DC9-B3ED-06613DF0227F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.98.1:*:*:*:*:*:*:*", "matchCriteriaId": "70E5943A-AE08-4DB8-90E0-6751AC95C44D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "CBEDEBA0-3D84-4EB3-8EF8-52B8CE4B353C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.1:*:*:*:*:*:*:*", "matchCriteriaId": "24A760D4-892E-4356-B49E-2D2A4ECC9CD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.2:*:*:*:*:*:*:*", "matchCriteriaId": "629A42DC-8E7E-4FCC-9588-1DE41800FAE4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.3:*:*:*:*:*:*:*", "matchCriteriaId": "4F5318A9-8B3D-4811-988E-B48E115AB1C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.4:*:*:*:*:*:*:*", "matchCriteriaId": "C5064310-FCD7-4660-8B5E-11F35CFE5CE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.5:*:*:*:*:*:*:*", "matchCriteriaId": "A12BDFA8-B467-41F1-8617-E1D0D8090573", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.6:*:*:*:*:*:*:*", "matchCriteriaId": "F29E5056-AFF7-4DF4-BAEB-4D13208D309A", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.07:*:*:*:*:*:*:*", "matchCriteriaId": "00F47B90-E0D1-47B9-9A0E-6BADE004D7B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.8:*:*:*:*:*:*:*", "matchCriteriaId": "B3775E60-3D6B-4BB9-8A67-D21C43968334", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.9:*:*:*:*:*:*:*", "matchCriteriaId": "00144A08-D450-42A3-B570-2A6872201E85", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.10:*:*:*:*:*:*:*", "matchCriteriaId": "1A5CCA66-61B9-4BE2-B511-C9DD7DE974E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.11:*:*:*:*:*:*:*", "matchCriteriaId": "BF8F8C75-217A-42FC-8487-2ED181D9D9B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.12:*:*:*:*:*:*:*", "matchCriteriaId": "649460A3-9436-4192-9A62-94D5AA54E980", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:cherokee-project:cherokee:0.99.13:*:*:*:*:*:*:*", "matchCriteriaId": "803BF030-8E46-4796-8A29-05A8FD324624", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.14:*:*:*:*:*:*:*", "matchCriteriaId": "C0609A94-3233-4918-9FE3-864734EA64E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.15:*:*:*:*:*:*:*", "matchCriteriaId": "3339CD55-B0AA-4F3E-9B48-11DDA9CD2104", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.16:*:*:*:*:*:*:*", "matchCriteriaId": "A4157BEE-F6A1-4938-89FB-7509995E009B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.17:*:*:*:*:*:*:*", "matchCriteriaId": "95079C95-F5C2-443A-BC78-9A9AFC5BC5F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.18:*:*:*:*:*:*:*", "matchCriteriaId": "DD3AE4D7-7B49-4315-B6D9-41ECAADC82E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.19:*:*:*:*:*:*:*", "matchCriteriaId": "9856BF25-D63A-4D00-BDD4-96FB5293E2E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.20:*:*:*:*:*:*:*", "matchCriteriaId": "7EB87F3D-CCEA-451E-B2CF-D414ECC53438", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.21:*:*:*:*:*:*:*", "matchCriteriaId": "10757868-1831-4802-A3A0-C343BE492389", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.22:*:*:*:*:*:*:*", "matchCriteriaId": "B0C6219F-BA29-4EE3-B7F4-524E413C7885", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.23:*:*:*:*:*:*:*", "matchCriteriaId": "D6032E26-D07D-410E-8E74-004D745C3F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.24:*:*:*:*:*:*:*", "matchCriteriaId": "B3E6C74A-94FB-4944-AED4-5B31679262B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.25:*:*:*:*:*:*:*", "matchCriteriaId": "32D44F80-75AD-4015-BA02-82B8461BEC9A", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.26:*:*:*:*:*:*:*", "matchCriteriaId": "6AD2950E-26EF-45CE-9A80-8636FE44FD55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.27:*:*:*:*:*:*:*", "matchCriteriaId": "6E5843A4-618F-4D7D-9931-16DAC314C9C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.28:*:*:*:*:*:*:*", "matchCriteriaId": "53E1A557-2E7F-4CA1-81E3-1C0AD040D6AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.29:*:*:*:*:*:*:*", "matchCriteriaId": "0DF0CD1F-95B0-4CAE-95AA-14439638CF34", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.30:*:*:*:*:*:*:*", "matchCriteriaId": "C4FDDF23-7FD7-40E7-B817-3CC99C48FECD", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.31:*:*:*:*:*:*:*", "matchCriteriaId": "33C56893-10BD-45FC-86CB-4AC32E11C2A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.32:*:*:*:*:*:*:*", "matchCriteriaId": "59E6C3E2-6BE2-4CEA-A1B4-651175AA3F28", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.33:*:*:*:*:*:*:*", "matchCriteriaId": "23CA8768-C639-4292-8689-6EFE43549F09", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.34:*:*:*:*:*:*:*", "matchCriteriaId": "361E5685-6676-4235-B41E-240882D8D2C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.35:*:*:*:*:*:*:*", "matchCriteriaId": "CF64C8BD-4C3F-4D27-B6C9-BA8B6275C813", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.36:*:*:*:*:*:*:*", "matchCriteriaId": "6CF76DCB-91B3-4890-9A79-63A1B053DB1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.37:*:*:*:*:*:*:*", "matchCriteriaId": "7668F112-44BA-473E-8C8F-116B11ECE0D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.38:*:*:*:*:*:*:*", "matchCriteriaId": 
"5FD3F7AD-A298-4C56-8BE7-A9BCBECFFE84", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.39:*:*:*:*:*:*:*", "matchCriteriaId": "9DDA36FB-2338-49FC-890C-0D7E230E60A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.40:*:*:*:*:*:*:*", "matchCriteriaId": "B403DB68-3FAB-4802-8CE0-62C4160F0014", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.41:*:*:*:*:*:*:*", "matchCriteriaId": "49092B57-A1CC-4B2C-9C76-2DCD1AA0398D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.42:*:*:*:*:*:*:*", "matchCriteriaId": "251B03EF-6B65-4E2A-9E95-E7423F1B98FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.43:*:*:*:*:*:*:*", "matchCriteriaId": "E35F1FC0-C03D-4D6E-963E-6269B1FAF2E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.44:*:*:*:*:*:*:*", "matchCriteriaId": "54E1A1BF-CA09-49DF-BA2E-00E32E6C9ADD", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.45:*:*:*:*:*:*:*", "matchCriteriaId": "8F99739A-BA90-4FB9-8D35-5DD9086F5B8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.46:*:*:*:*:*:*:*", "matchCriteriaId": "EF500BFC-8593-42D4-A997-F386C657DEB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.47:*:*:*:*:*:*:*", "matchCriteriaId": "AAFD8807-9446-415B-AB32-4F4F9B7B3271", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.48:*:*:*:*:*:*:*", "matchCriteriaId": "A20009D8-AE7F-4C0E-9D4D-0C8327AD87E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.49:*:*:*:*:*:*:*", "matchCriteriaId": "EF7C1ED1-C424-481F-A7F0-9334D7DFB7ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C0B92C38-5AF2-449F-BC68-076F77C077D7", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:cherokee-project:cherokee:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A648ADE1-42F3-4871-97BC-3184F2D168C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7B2695CE-028C-490C-953A-E319D7FA9F83", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "BC65782E-ECCA-43FA-844D-B8FC9A87BAB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3C862A1E-B1B7-4A82-96A3-72CFEE5E5618", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "190A13C9-1C1A-4074-A1C4-501BC9C8A1B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BC56ADDF-1448-4AD7-B2B7-BDCB50061F88", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "ED7062D1-2DF3-4045-A3EB-7E2E15CD7962", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "BE57FA26-7CE8-4DF4-9AAD-5C96185B80AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "AD81119E-EA94-4ADF-BF6A-6CDAEDE28C05", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "2B3FD7A8-AFAD-4955-A1D7-8E9E8958F91F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "4DB81796-9217-449B-8F3F-D6F72A24E694", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "89298218-3751-49E0-96A3-5525531C8E9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "24BD5CCC-0EA1-4D7E-92D9-F1DFF3E16D9E", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:cherokee-project:cherokee:1.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "1CAABD32-CBDD-41D0-8147-E2EC15E76BD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "62C1D5C6-5F0E-4CEE-95B4-426FC4906007", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "DF386C91-9AF5-435D-B713-19D29827D128", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "D74293C5-82E9-41CF-A591-A8C86A0705D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "82970E82-587C-4AB5-892F-59D47BC4EC6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "C14B6FC3-55C6-4D77-8BC2-0E0A38EF773E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "BC597B25-3DA8-4482-A6DD-602411CAEBF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "EAADB28A-0259-43D4-9111-8230DC7FBF13", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C81B436-5435-484A-81C2-EC9FAC83DC6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "6D5B3C97-844D-4F58-87F4-11962A7228F2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee before 1.2.99 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, as demonstrated by a crafted nickname field to vserver/apply." 
}, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en Cherokee-admin de Cherokee en versiones anteriores a la 1.2.99. Permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores en peticiones que insertan secuencias de comandos en sitios cruzados (XSS), como se ha demostrado por un campo de nombre de usuario (\"nickname\") a vserver/apply." } ], "id": "CVE-2011-2191", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-10-07T02:51:40.893", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066222.html" }, { "source": "secalert@redhat.com", "url": "http://osvdb.org/72693" }, { "source": "secalert@redhat.com", "url": "http://seclists.org/fulldisclosure/2011/Jun/0" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.cherokee-project.com/download/LATEST_is_1.2.99/cherokee-1.2.99.tar.gz" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/06/02/2" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/03/6" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/06/22" }, { "source": "secalert@redhat.com", "url": 
"http://www.securityfocus.com/bid/49772" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=713304" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "https://launchpad.net/bugs/784632" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066222.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/72693" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2011/Jun/0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.cherokee-project.com/download/LATEST_is_1.2.99/cherokee-1.2.99.tar.gz" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/06/02/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/03/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/06/22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/49772" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=713304" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://launchpad.net/bugs/784632" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-05-18 00:15
Modified
2024-11-21 04:39
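Severity: 9.8 (Critical), CVSS v3.1 vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H; 7.5 (High) under CVSS v2, vector AV:N/AC:L/Au:N/C:P/I:P/A:P (source: nvd@nist.gov)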
Summary
In Cherokee through 1.2.104, remote attackers can trigger an out-of-bounds write in cherokee_handler_cgi_add_env_pair in handler_cgi.c by sending many request headers, as demonstrated by a GET request with many "Host: 127.0.0.1" headers.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/cherokee/webserver/issues/1224 | Exploit, Third Party Advisory | |
cve@mitre.org | https://logicaltrust.net/blog/2019/11/cherokee.html | Exploit, Third Party Advisory | |
cve@mitre.org | https://security.gentoo.org/glsa/202012-09 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cherokee/webserver/issues/1224 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://logicaltrust.net/blog/2019/11/cherokee.html | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202012-09 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cherokee-project | cherokee | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cherokee-project:cherokee:*:*:*:*:*:*:*:*", "matchCriteriaId": "1FDFC431-553A-4EF1-9450-9F9310415845", "versionEndIncluding": "1.2.104", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Cherokee through 1.2.104, remote attackers can trigger an out-of-bounds write in cherokee_handler_cgi_add_env_pair in handler_cgi.c by sending many request headers, as demonstrated by a GET request with many \"Host: 127.0.0.1\" headers." }, { "lang": "es", "value": "En Cherokee versiones hasta 1.2.104, atacantes remotos pueden activar una escritura fuera de l\u00edmites en la funci\u00f3n cherokee_handler_cgi_add_env_pair en el archivo handler_cgi.c al enviar muchos encabezados de petici\u00f3n, como es demostrado por una petici\u00f3n GET con muchos encabezados \"Host: 127.0.0.1\"." } ], "id": "CVE-2019-20800", "lastModified": "2024-11-21T04:39:23.597", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, 
"impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-05-18T00:15:11.330", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/cherokee/webserver/issues/1224" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://logicaltrust.net/blog/2019/11/cherokee.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202012-09" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/cherokee/webserver/issues/1224" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://logicaltrust.net/blog/2019/11/cherokee.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202012-09" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-07-27 23:15
Modified
2024-11-21 05:00
Severity ?
Summary
Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereference. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mishandled during a cherokee_buffer_add call within cherokee_validator_parse_basic or cherokee_validator_parse_digest.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://cherokee-project.com/downloads.html | Vendor Advisory | |
cve@mitre.org | https://github.com/cherokee/webserver/issues/1242 | Exploit, Issue Tracking, Third Party Advisory | |
cve@mitre.org | https://github.com/cherokee/webserver/releases | Third Party Advisory | |
cve@mitre.org | https://security.gentoo.org/glsa/202012-09 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://cherokee-project.com/downloads.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cherokee/webserver/issues/1242 | Exploit, Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cherokee/webserver/releases | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202012-09 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cherokee-project | cherokee | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cherokee-project:cherokee:*:*:*:*:*:*:*:*", "matchCriteriaId": "95AA5C29-D669-46CA-ADFC-91D47AD67050", "versionEndIncluding": "1.2.104", "versionStartIncluding": "0.4.27", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereferences. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mishandled during a cherokee_buffer_add call within cherokee_validator_parse_basic or cherokee_validator_parse_digest." }, { "lang": "es", "value": "Cherokee versiones 0.4.27 a 1.2.104, est\u00e1 afectado por una denegaci\u00f3n de servicio debido a una desreferencia del puntero NULL. Un atacante remoto no autenticado puede bloquear el servidor mediante el env\u00edo de una petici\u00f3n HTTP hacia los recursos protegidos usando un encabezado de autorizaci\u00f3n malformado que es manejado inapropiadamente durante una llamada de cherokee_buffer_add dentro de cherokee_validator_parse_basic o cherokee_validator_parse_digest" } ], "id": "CVE-2020-12845", "lastModified": "2024-11-21T05:00:23.547", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", 
"availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-07-27T23:15:12.437", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://cherokee-project.com/downloads.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/cherokee/webserver/issues/1242" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/cherokee/webserver/releases" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202012-09" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://cherokee-project.com/downloads.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/cherokee/webserver/issues/1242" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/cherokee/webserver/releases" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202012-09" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-10-07 02:51
Modified
2025-04-11 00:51
Severity ?
Summary
The generate_admin_password function in Cherokee before 1.2.99 uses time and PID values for seeding of a random number generator, which makes it easier for local users to determine admin passwords via a brute-force attack.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cherokee-project:cherokee:*:*:*:*:*:*:*:*", "matchCriteriaId": "674AD99A-45B9-426B-A0B4-D463D859E8BD", "versionEndIncluding": "1.2.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D72FF6B3-59AC-429A-9306-120BEF41BA21", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "7879BF5D-D188-45EC-8CF1-75F72FDD317F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "44992C96-B552-4A2B-A404-E3E595F54954", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "71040563-9485-4665-AC02-F82734F0876F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "5314F514-FF97-46CC-B3D4-6925933CAE98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "A060E8F5-CE34-4CD9-86BC-06C589D3B109", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "B420FEA6-8F72-4A37-816D-0D26667BFF94", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "A09D8EC8-5D8F-425B-8763-82BC2A53DA26", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "249E666A-5639-450D-B570-65B5E7A64F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "B2ED38E6-EFB2-40A4-9796-B3A6AEB967DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "BEEC5875-BC5D-4F4E-895E-C4BF82CEB16F", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:cherokee-project:cherokee:0.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "F8A63467-2332-47FE-A9BE-7C6471AB31E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "24A159C8-AED3-4F78-83F0-7295A43BD6CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "1B22C65A-4F18-43DB-9306-F6E4004D0824", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "610B2E1F-3ABF-460F-86DC-7F1F27FB06A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "76F4808F-77EE-4242-BE4F-0ECC2725885B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "8CB06B8B-EE81-4C03-BBA8-DE672FB7B4FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "697BF6E4-FFDE-45B0-9BEC-F8C37E794CF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.17:*:*:*:*:*:*:*", "matchCriteriaId": "24EE0CC7-F388-4A28-8AC1-0D2C78936FDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.18:*:*:*:*:*:*:*", "matchCriteriaId": "0B3F4AC4-C123-430F-9B4E-3FF14CBB574F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.19:*:*:*:*:*:*:*", "matchCriteriaId": "B00661A6-62FB-4D41-9931-C5914A5D4704", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.20:*:*:*:*:*:*:*", "matchCriteriaId": "D97CFCBC-6257-4B00-BF5B-41525F9CC0CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.21:*:*:*:*:*:*:*", "matchCriteriaId": "48BD342E-8372-45A0-8001-88C6949396D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.22:*:*:*:*:*:*:*", "matchCriteriaId": "C0F3D30A-188A-4DD6-A27D-177C337BBF1E", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.23:*:*:*:*:*:*:*", "matchCriteriaId": "499882B7-8826-426A-A909-2972DB411950", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.24:*:*:*:*:*:*:*", "matchCriteriaId": "34D8CA76-0FB7-4558-9A80-853592B5BB3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.25:*:*:*:*:*:*:*", "matchCriteriaId": "E9C981CA-6CEA-4EDB-A47A-BC2F4CF5A90D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.26:*:*:*:*:*:*:*", "matchCriteriaId": "328299F2-4AFE-433D-839B-49FB76DC1693", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.27:*:*:*:*:*:*:*", "matchCriteriaId": "402A610A-E09C-4AD7-AD88-4840D273B43D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.28:*:*:*:*:*:*:*", "matchCriteriaId": "628AF17F-5134-4EC8-97BB-04380DB9B5D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.29:*:*:*:*:*:*:*", "matchCriteriaId": "09945325-5812-4827-8DF8-0AC59E5BF3C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.4.30:*:*:*:*:*:*:*", "matchCriteriaId": "7ED47B2D-AA94-4902-A0A5-D4571F45DA98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "850FC8D1-A60B-4199-BD9A-E480C3DFCADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "F1299BA2-1590-46D8-AE07-304EA6F56181", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "0FC506D1-79F9-4215-A806-24225C3D6462", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "250A06CF-15A8-4602-BE8D-874C8D088396", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "BAE75B64-93A9-4472-96DD-6CB1E6B029D8", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "DF3ED1D9-9FC0-424F-B610-2E2617205FA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "710E366E-38B1-4A8A-A57F-B5589E117D03", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "7AE88E20-78C4-4315-81D4-ACD8616DFE1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "56BB3013-7508-42D1-8086-CEBE776747AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "411D69C9-2910-4458-BFA9-47319F58C01C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "37DF02A1-88B7-48D8-BFEE-1FD48C329278", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "BF08EF9D-57F6-4194-B853-CE3AB9FD0016", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "DF7B3905-185B-4AFD-85C7-CED8EDD94F02", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F70D80C-EEB1-4194-855C-D3715C99F2D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "3BF9F848-7CEE-4A33-8C35-86D13C9C41C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "722246E6-F6B1-4003-B496-9FA2DDCBFEBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "ABD47FBC-CCAF-43BB-8884-D4D15BFD89B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"A065352A-B0FE-4EBF-BF90-7242F5980D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "0B9F81E1-C73C-4362-914F-D74B030C9674", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "9172B4E8-F280-4EF7-B262-9B9DA8A83B4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "C32AF0C7-79BC-4670-ABD1-8B5B5BFC1C23", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "A2FD0D6D-F123-4E52-B5B3-167D34995A6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "DBFE8EFF-0A29-4B29-B49D-E5DD0ED99E8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "056A2B22-D824-45F6-92AD-500DB4C1E951", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "C0CF78CF-5447-478F-A346-676927752D38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "61BD126D-4CB5-40E5-A182-E74B1023E120", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "6BA588C6-7165-4D6D-81FF-9DE4794B5C68", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.11.6:*:*:*:*:*:*:*", "matchCriteriaId": "6155B076-59E2-449D-B8BE-8F3E942ADCAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.98.0:*:*:*:*:*:*:*", "matchCriteriaId": "86B1A879-C715-4DC9-B3ED-06613DF0227F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.98.1:*:*:*:*:*:*:*", "matchCriteriaId": "70E5943A-AE08-4DB8-90E0-6751AC95C44D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "CBEDEBA0-3D84-4EB3-8EF8-52B8CE4B353C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.1:*:*:*:*:*:*:*", "matchCriteriaId": "24A760D4-892E-4356-B49E-2D2A4ECC9CD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.2:*:*:*:*:*:*:*", "matchCriteriaId": "629A42DC-8E7E-4FCC-9588-1DE41800FAE4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.3:*:*:*:*:*:*:*", "matchCriteriaId": "4F5318A9-8B3D-4811-988E-B48E115AB1C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.4:*:*:*:*:*:*:*", "matchCriteriaId": "C5064310-FCD7-4660-8B5E-11F35CFE5CE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.5:*:*:*:*:*:*:*", "matchCriteriaId": "A12BDFA8-B467-41F1-8617-E1D0D8090573", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.6:*:*:*:*:*:*:*", "matchCriteriaId": "F29E5056-AFF7-4DF4-BAEB-4D13208D309A", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.07:*:*:*:*:*:*:*", "matchCriteriaId": "00F47B90-E0D1-47B9-9A0E-6BADE004D7B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.8:*:*:*:*:*:*:*", "matchCriteriaId": "B3775E60-3D6B-4BB9-8A67-D21C43968334", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.9:*:*:*:*:*:*:*", "matchCriteriaId": "00144A08-D450-42A3-B570-2A6872201E85", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.10:*:*:*:*:*:*:*", "matchCriteriaId": "1A5CCA66-61B9-4BE2-B511-C9DD7DE974E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.11:*:*:*:*:*:*:*", "matchCriteriaId": "BF8F8C75-217A-42FC-8487-2ED181D9D9B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.12:*:*:*:*:*:*:*", "matchCriteriaId": "649460A3-9436-4192-9A62-94D5AA54E980", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:cherokee-project:cherokee:0.99.13:*:*:*:*:*:*:*", "matchCriteriaId": "803BF030-8E46-4796-8A29-05A8FD324624", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.14:*:*:*:*:*:*:*", "matchCriteriaId": "C0609A94-3233-4918-9FE3-864734EA64E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.15:*:*:*:*:*:*:*", "matchCriteriaId": "3339CD55-B0AA-4F3E-9B48-11DDA9CD2104", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.16:*:*:*:*:*:*:*", "matchCriteriaId": "A4157BEE-F6A1-4938-89FB-7509995E009B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.17:*:*:*:*:*:*:*", "matchCriteriaId": "95079C95-F5C2-443A-BC78-9A9AFC5BC5F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.18:*:*:*:*:*:*:*", "matchCriteriaId": "DD3AE4D7-7B49-4315-B6D9-41ECAADC82E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.19:*:*:*:*:*:*:*", "matchCriteriaId": "9856BF25-D63A-4D00-BDD4-96FB5293E2E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.20:*:*:*:*:*:*:*", "matchCriteriaId": "7EB87F3D-CCEA-451E-B2CF-D414ECC53438", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.21:*:*:*:*:*:*:*", "matchCriteriaId": "10757868-1831-4802-A3A0-C343BE492389", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.22:*:*:*:*:*:*:*", "matchCriteriaId": "B0C6219F-BA29-4EE3-B7F4-524E413C7885", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.23:*:*:*:*:*:*:*", "matchCriteriaId": "D6032E26-D07D-410E-8E74-004D745C3F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.24:*:*:*:*:*:*:*", "matchCriteriaId": "B3E6C74A-94FB-4944-AED4-5B31679262B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.25:*:*:*:*:*:*:*", "matchCriteriaId": "32D44F80-75AD-4015-BA02-82B8461BEC9A", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.26:*:*:*:*:*:*:*", "matchCriteriaId": "6AD2950E-26EF-45CE-9A80-8636FE44FD55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.27:*:*:*:*:*:*:*", "matchCriteriaId": "6E5843A4-618F-4D7D-9931-16DAC314C9C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.28:*:*:*:*:*:*:*", "matchCriteriaId": "53E1A557-2E7F-4CA1-81E3-1C0AD040D6AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.29:*:*:*:*:*:*:*", "matchCriteriaId": "0DF0CD1F-95B0-4CAE-95AA-14439638CF34", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.30:*:*:*:*:*:*:*", "matchCriteriaId": "C4FDDF23-7FD7-40E7-B817-3CC99C48FECD", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.31:*:*:*:*:*:*:*", "matchCriteriaId": "33C56893-10BD-45FC-86CB-4AC32E11C2A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.32:*:*:*:*:*:*:*", "matchCriteriaId": "59E6C3E2-6BE2-4CEA-A1B4-651175AA3F28", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.33:*:*:*:*:*:*:*", "matchCriteriaId": "23CA8768-C639-4292-8689-6EFE43549F09", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.34:*:*:*:*:*:*:*", "matchCriteriaId": "361E5685-6676-4235-B41E-240882D8D2C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.35:*:*:*:*:*:*:*", "matchCriteriaId": "CF64C8BD-4C3F-4D27-B6C9-BA8B6275C813", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.36:*:*:*:*:*:*:*", "matchCriteriaId": "6CF76DCB-91B3-4890-9A79-63A1B053DB1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.37:*:*:*:*:*:*:*", "matchCriteriaId": "7668F112-44BA-473E-8C8F-116B11ECE0D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.38:*:*:*:*:*:*:*", "matchCriteriaId": 
"5FD3F7AD-A298-4C56-8BE7-A9BCBECFFE84", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.39:*:*:*:*:*:*:*", "matchCriteriaId": "9DDA36FB-2338-49FC-890C-0D7E230E60A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.40:*:*:*:*:*:*:*", "matchCriteriaId": "B403DB68-3FAB-4802-8CE0-62C4160F0014", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.41:*:*:*:*:*:*:*", "matchCriteriaId": "49092B57-A1CC-4B2C-9C76-2DCD1AA0398D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.42:*:*:*:*:*:*:*", "matchCriteriaId": "251B03EF-6B65-4E2A-9E95-E7423F1B98FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.43:*:*:*:*:*:*:*", "matchCriteriaId": "E35F1FC0-C03D-4D6E-963E-6269B1FAF2E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.44:*:*:*:*:*:*:*", "matchCriteriaId": "54E1A1BF-CA09-49DF-BA2E-00E32E6C9ADD", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.45:*:*:*:*:*:*:*", "matchCriteriaId": "8F99739A-BA90-4FB9-8D35-5DD9086F5B8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.46:*:*:*:*:*:*:*", "matchCriteriaId": "EF500BFC-8593-42D4-A997-F386C657DEB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.47:*:*:*:*:*:*:*", "matchCriteriaId": "AAFD8807-9446-415B-AB32-4F4F9B7B3271", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.48:*:*:*:*:*:*:*", "matchCriteriaId": "A20009D8-AE7F-4C0E-9D4D-0C8327AD87E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:0.99.49:*:*:*:*:*:*:*", "matchCriteriaId": "EF7C1ED1-C424-481F-A7F0-9334D7DFB7ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C0B92C38-5AF2-449F-BC68-076F77C077D7", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:cherokee-project:cherokee:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A648ADE1-42F3-4871-97BC-3184F2D168C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7B2695CE-028C-490C-953A-E319D7FA9F83", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "BC65782E-ECCA-43FA-844D-B8FC9A87BAB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3C862A1E-B1B7-4A82-96A3-72CFEE5E5618", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "190A13C9-1C1A-4074-A1C4-501BC9C8A1B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BC56ADDF-1448-4AD7-B2B7-BDCB50061F88", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "ED7062D1-2DF3-4045-A3EB-7E2E15CD7962", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "BE57FA26-7CE8-4DF4-9AAD-5C96185B80AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "AD81119E-EA94-4ADF-BF6A-6CDAEDE28C05", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "2B3FD7A8-AFAD-4955-A1D7-8E9E8958F91F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "4DB81796-9217-449B-8F3F-D6F72A24E694", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "89298218-3751-49E0-96A3-5525531C8E9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "24BD5CCC-0EA1-4D7E-92D9-F1DFF3E16D9E", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:cherokee-project:cherokee:1.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "1CAABD32-CBDD-41D0-8147-E2EC15E76BD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "62C1D5C6-5F0E-4CEE-95B4-426FC4906007", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "DF386C91-9AF5-435D-B713-19D29827D128", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "D74293C5-82E9-41CF-A591-A8C86A0705D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "82970E82-587C-4AB5-892F-59D47BC4EC6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "C14B6FC3-55C6-4D77-8BC2-0E0A38EF773E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "BC597B25-3DA8-4482-A6DD-602411CAEBF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "EAADB28A-0259-43D4-9111-8230DC7FBF13", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C81B436-5435-484A-81C2-EC9FAC83DC6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "6D5B3C97-844D-4F58-87F4-11962A7228F2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The generate_admin_password function in Cherokee before 1.2.99 uses time and PID values for seeding of a random number generator, which makes it easier for local users to determine admin passwords via a brute-force attack." 
}, { "lang": "es", "value": "La funci\u00f3n generate_admin_password de Cherokee en versiones anteriores a la 1.2.99 utiliza la fecha y el PID para crear la semilla del generador de n\u00fameros aleatorios, lo que facilita a usuarios locales determinar la contrase\u00f1a de admin a trav\u00e9s de ataque de fuerza bruta." } ], "id": "CVE-2011-2190", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-10-07T02:51:40.847", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://code.google.com/p/cherokee/issues/detail?id=1212" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066222.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.cherokee-project.com/download/LATEST_is_1.2.99/cherokee-1.2.99.tar.gz" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/03/4" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/06/21" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/49772" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=713304" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"http://code.google.com/p/cherokee/issues/detail?id=1212" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066222.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.cherokee-project.com/download/LATEST_is_1.2.99/cherokee-1.2.99.tar.gz" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/03/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/06/21" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/49772" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=713304" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-07-02 04:14
Modified
2025-04-12 10:46
Severity ?
Summary
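The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password. (In LDAP, a simple bind that carries a DN and a zero-length password is an unauthenticated bind, which a directory server may accept without checking any credential, so a validator has to reject empty passwords itself rather than treat a successful bind as proof of identity.)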
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
fedoraproject | fedora | 20 | |
fedoraproject | fedora | 21 | |
fedoraproject | fedora | 22 | |
mageia_project | mageia | 4 | |
cherokee-project | cherokee | * | |
cherokee-project | cherokee | 1.2.2 | |
cherokee-project | cherokee | 1.2.98 | |
cherokee-project | cherokee | 1.2.99 | |
cherokee-project | cherokee | 1.2.101 | |
cherokee-project | cherokee | 1.2.102 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:mageia_project:mageia:4:*:*:*:*:*:*:*", "matchCriteriaId": "EDB6C80D-ADCA-481E-B54B-3BEA3D7D3107", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cherokee-project:cherokee:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4AA7EA7-8D67-49E1-9D93-88CA97A8EFAC", "versionEndIncluding": "1.2.103", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "6D5B3C97-844D-4F58-87F4-11962A7228F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.2.98:*:*:*:*:*:*:*", "matchCriteriaId": "762B5682-C942-4DC7-9C69-D0AC3D4E275C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.2.99:*:*:*:*:*:*:*", "matchCriteriaId": "9FB62CE7-9FC9-4E7F-8B3D-45710949EA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.2.101:*:*:*:*:*:*:*", "matchCriteriaId": "D33D414B-0A4C-41EE-991A-788559EC3A03", "vulnerable": true }, { "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.2.102:*:*:*:*:*:*:*", "matchCriteriaId": "1407BB70-8D64-422F-8487-4D8B3E88963E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider 
unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password." }, { "lang": "es", "value": "La funci\u00f3n cherokee_validator_ldap_check en validator_ldap.c en Cherokee 1.2.103 y anteriores, cuando LDAP est\u00e1 utilizado, no considera debidamente la sem\u00e1ntica bind no autenticada, lo que permite a atacantes remotos evadir autenticaci\u00f3n a trav\u00e9s de una contrase\u00f1a vac\u00eda." } ], "id": "CVE-2014-4668", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-07-02T04:14:17.233", "references": [ { "source": "cve@mitre.org", "url": "http://advisories.mageia.org/MGASA-2015-0181.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155776.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156162.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156190.html" }, { "source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2014/06/28/3" }, { "source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2014/06/28/7" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:225" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/68249" }, { "source": 
"cve@mitre.org", "url": "https://github.com/cherokee/webserver/commit/fbda667221c51f0aa476a02366e0cf66cb012f88" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2015-0181.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155776.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156162.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156190.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2014/06/28/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2014/06/28/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:225" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/68249" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/cherokee/webserver/commit/fbda667221c51f0aa476a02366e0cf66cb012f88" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-05-18 00:15
Modified
2024-11-21 04:39
Summary
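In Cherokee through 1.2.104, multiple memory corruption errors may be used by a remote attacker to destabilize the work of a server. The NVD record below maps this to CWE-787 (out-of-bounds write) and scores it with the CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, that is, as a remote, unauthenticated impact on availability only.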
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cherokee-project | cherokee | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cherokee-project:cherokee:*:*:*:*:*:*:*:*", "matchCriteriaId": "1FDFC431-553A-4EF1-9450-9F9310415845", "versionEndIncluding": "1.2.104", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Cherokee through 1.2.104, multiple memory corruption errors may be used by a remote attacker to destabilize the work of a server." }, { "lang": "es", "value": "En Cherokee versiones hasta 1.2.104, m\u00faltiples errores de corrupci\u00f3n de memoria pueden ser usados por un atacante remoto para desestabilizar el trabajo de un servidor." } ], "id": "CVE-2019-20799", "lastModified": "2024-11-21T04:39:23.433", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-05-18T00:15:11.237", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": 
"https://github.com/cherokee/webserver/issues/1221" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/cherokee/webserver/issues/1222" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/cherokee/webserver/issues/1225" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/cherokee/webserver/issues/1226" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://logicaltrust.net/blog/2019/11/cherokee.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202012-09" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/cherokee/webserver/issues/1221" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/cherokee/webserver/issues/1222" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/cherokee/webserver/issues/1225" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/cherokee/webserver/issues/1226" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://logicaltrust.net/blog/2019/11/cherokee.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202012-09" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-05-18 00:15
Modified
2024-11-21 04:39
Summary
An XSS issue was discovered in handler_server_info.c in Cherokee through 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its administrator panel. The XSS in the administrator panel can be used to reconfigure the server and execute arbitrary commands.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/cherokee/webserver/issues/1227 | Exploit, Third Party Advisory | |
cve@mitre.org | https://logicaltrust.net/blog/2019/11/cherokee.html | Exploit, Third Party Advisory | |
cve@mitre.org | https://security.gentoo.org/glsa/202012-09 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cherokee/webserver/issues/1227 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://logicaltrust.net/blog/2019/11/cherokee.html | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202012-09 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cherokee-project | cherokee | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cherokee-project:cherokee:*:*:*:*:*:*:*:*", "matchCriteriaId": "1FDFC431-553A-4EF1-9450-9F9310415845", "versionEndIncluding": "1.2.104", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An XSS issue was discovered in handler_server_info.c in Cherokee through 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its administrator panel. The XSS in the administrator panel can be used to reconfigure the server and execute arbitrary commands." }, { "lang": "es", "value": "Se detect\u00f3 un problema de tipo XSS en el archivo handler_server_info.c En Cherokee versiones hasta 1.2.104. La URL requerida es mostrada inapropiadamente en la p\u00e1gina About en la configuraci\u00f3n predeterminada del servidor web y su panel de administrador. El ataque XSS en el panel de administrador puede ser usado para reconfigurar el servidor y ejecutar comandos arbitrarios." 
} ], "id": "CVE-2019-20798", "lastModified": "2024-11-21T04:39:23.283", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-05-18T00:15:11.157", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/cherokee/webserver/issues/1227" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://logicaltrust.net/blog/2019/11/cherokee.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202012-09" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/cherokee/webserver/issues/1227" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://logicaltrust.net/blog/2019/11/cherokee.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party 
Advisory" ], "url": "https://security.gentoo.org/glsa/202012-09" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-01-13 20:30
Modified
2025-04-09 00:30
Summary
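header.c in Cherokee before 0.99.32 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. The impact arises only when the log is later displayed in a terminal emulator that interprets the embedded escape sequences; reading logs with a viewer that escapes or strips control characters avoids it on servers that cannot be upgraded.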
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cherokee-project | cherokee | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cherokee-project:cherokee:*:*:*:*:*:*:*:*", "matchCriteriaId": "55266390-544E-475E-A1B0-816E8AE69D1A", "versionEndIncluding": "0.99.31", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "header.c in Cherokee before 0.99.32 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window\u0027s title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator." }, { "lang": "es", "value": "header.c en Cherokee anterior a v0.99.32, escribe datos en un archivo de los sin depurar los caracteres no escribibles, lo que podr\u00eda permitir a atacantes remotos modificar la ventana de t\u00edtulo, o posiblemente ejecutar comandos de su elecci\u00f3n o sobrescribir archivos, a trav\u00e9s de una petici\u00f3n HTTP que contiene una secuencia de escape para el emulador de terminal." 
} ], "id": "CVE-2009-4489", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-01-13T20:30:00.420", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37933" }, { "source": "cve@mitre.org", "url": "http://svn.cherokee-project.com/changeset/3944" }, { "source": "cve@mitre.org", "url": "http://svn.cherokee-project.com/changeset/3977" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/508830/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/37715" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2010/0090" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37933" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://svn.cherokee-project.com/changeset/3944" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://svn.cherokee-project.com/changeset/3977" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/508830/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": 
"http://www.securityfocus.com/bid/37715" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/0090" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }