Vulnerabilities > CVE-2004-1946 - Local Security vulnerability in Cherokee Httpd 0.4.16

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

cherokee

NVD

Published: 2004-04-19

Updated: 2017-07-11

Summary

Format string vulnerability in the PRINT_ERROR function in common.c for Cherokee Web Server 0.4.16 and earlier allows local users to execute arbitrary code via format string specifiers in the -C command line argument. NOTE: it is not clear whether this issue could be exploited remotely, or if Cherokee is running at escalated privileges. Therefore it might not be a vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Cherokee Cherokee Cherokee Httpd 0.4.16	1

References

http://marc.info/?l=bugtraq&m=108249818308672&w=2
http://www.nosystem.com.ar/advisories/advisory-03.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/15924