Vulnerabilities > CVE-2004-1946 - Unspecified vulnerability in Cherokee Httpd 0.4.16

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

cherokee

NVD

Published: 2004-04-19

Updated: 2017-07-11

Summary

Format string vulnerability in the PRINT_ERROR function in common.c for Cherokee Web Server 0.4.16 and earlier allows local users to execute arbitrary code via format string specifiers in the -C command line argument. NOTE: it is not clear whether this issue could be exploited remotely, or if Cherokee is running at escalated privileges. Therefore it might not be a vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Cherokee Cherokee Cherokee Httpd 0.4.16	1

References

http://www.nosystem.com.ar/advisories/advisory-03.txt
http://marc.info/?l=bugtraq&m=108249818308672&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/15924