Vulnerabilities > CVE-2004-2171 - Cross-Site Scripting vulnerability in Cherokee Error Page
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Cross-site scripting (XSS) vulnerability in Cherokee before 0.4.8 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting error page.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 9 |
Exploit-Db
description | Cherokee 0.1.x/0.2.x/0.4.x Error Page Cross Site Scripting Vulnerability. CVE-2004-2171. Remote exploit for solaris platform |
id | EDB-ID:23605 |
last seen | 2016-02-02 |
modified | 2004-01-26 |
published | 2004-01-26 |
reporter | César Fernández |
source | https://www.exploit-db.com/download/23605/ |
title | Cherokee 0.1.x/0.2.x/0.4.x Error Page Cross-Site Scripting Vulnerability |
Nessus
NASL family | CGI abuses : XSS |
NASL id | CHEROKEE_0_4_7.NASL |
description | The remote host is running Cherokee - a fast and tiny web server. The remote version of this software is vulnerable to cross-site scripting attacks due to lack of sanitization in returned error pages. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 15618 |
published | 2004-11-03 |
reporter | This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/15618 |
title | Cherokee Web Server Error Page XSS |
code |
|