Vulnerabilities > Cherokee Project
DATE | CVE | TITLE | DESCRIPTION | RISK (CVSS SCORE)
---|---|---|---|---
2020-07-27 | CVE-2020-12845 | NULL Pointer Dereference vulnerability in Cherokee-Project Cherokee | Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereference. | 7.5
2020-05-18 | CVE-2019-20800 | Out-of-bounds Write vulnerability in Cherokee-Project Cherokee | In Cherokee through 1.2.104, remote attackers can trigger an out-of-bounds write in cherokee_handler_cgi_add_env_pair in handler_cgi.c by sending many request headers, as demonstrated by a GET request with many "Host: 127.0.0.1" headers. | 9.8
2020-05-18 | CVE-2019-20799 | Out-of-bounds Write vulnerability in Cherokee-Project Cherokee | In Cherokee through 1.2.104, multiple memory corruption errors may be used by a remote attacker to destabilize the server. | 5.0
2020-05-18 | CVE-2019-20798 | Cross-site Scripting vulnerability in Cherokee-Project Cherokee | An XSS issue was discovered in handler_server_info.c in Cherokee through 1.2.104. | 8.4
2019-07-22 | CVE-2019-1010218 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cherokee-Project Cherokee Web Server | Cherokee Webserver up to version 1.2.103 (the current stable release at the time of the report) is affected by a buffer overflow (CWE-120). | 5.0
2014-07-02 | CVE-2014-4668 | Improper Authentication vulnerability in multiple products | The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password. | 6.8
2011-10-07 | CVE-2011-2191 | Cross-Site Request Forgery (CSRF) vulnerability in Cherokee-Project Cherokee | Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee before 1.2.99 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, as demonstrated by a crafted nickname field to vserver/apply. | 6.8
2011-10-07 | CVE-2011-2190 | Cryptographic Issues vulnerability in Cherokee-Project Cherokee | The generate_admin_password function in Cherokee before 1.2.99 uses time and PID values for seeding of a random number generator, which makes it easier for local users to determine admin passwords via a brute-force attack. | 2.1
2010-01-13 | CVE-2009-4489 | Improper Input Validation vulnerability in Cherokee-Project Cherokee | header.c in Cherokee before 0.99.32 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. | 5.0
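The CVE-2014-4668 entry turns on a subtlety of the LDAP simple bind operation: per RFC 4513, a bind request that carries a DN but an empty password is an *unauthenticated* bind, and a server that permits it answers with a success result code even though no credential was checked. A validator that treats "bind returned success" as "user proved identity" is therefore bypassed by an empty password. The following added example (written for this page, not Cherokee's validator_ldap.c) models that server behaviour with a constructed in-memory directory and shows the check both ways; the class and function names are assumptions, and `simple_bind` returning a bare boolean mirrors what a client sees in the result code.

```python
"""Empty-password (unauthenticated) LDAP bind: vulnerable vs. fixed validator.
Illustrative example, not Cherokee project code. FakeLdapServer is a constructed
stand-in for a directory that follows RFC 4513 simple-bind semantics."""


class FakeLdapServer:
    def __init__(self, passwords):
        # Constructed directory: DN -> password
        self._passwords = passwords

    def simple_bind(self, dn, password):
        """Return True on a success result code, False on invalidCredentials.

        RFC 4513 5.1.2: a non-empty DN with an empty password is an
        *unauthenticated* bind. Many servers accept it and report success,
        so the client cannot tell it apart from a real authentication.
        """
        if dn and password == "":
            return True  # unauthenticated bind: success code, nothing verified
        return self._passwords.get(dn) == password


def ldap_check_vulnerable(server, dn, password):
    """Treats any successful bind as proof of identity (the CVE-2014-4668 pattern)."""
    return server.simple_bind(dn, password)


def ldap_check_fixed(server, dn, password):
    """Refuse to issue a bind at all without a credential; an empty password
    must never reach the server, because the server's answer is useless then."""
    if not dn or not password:
        return False
    return server.simple_bind(dn, password)


DIRECTORY = FakeLdapServer({"cn=admin,dc=example,dc=com": "s3cret"})


if __name__ == "__main__":
    dn = "cn=admin,dc=example,dc=com"
    for check in (ldap_check_vulnerable, ldap_check_fixed):
        print(check.__name__, "empty password ->", check(DIRECTORY, dn, ""))
```

The fix belongs on the client side: a directory may legitimately allow unauthenticated binds for other uses, so the validator has to reject empty (and, in practice, whitespace-only) passwords before it ever sends the bind request.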
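The CVE-2011-2190 entry describes the classic weak-seed failure: a password generated from a PRNG seeded with the process start time and PID is only as unpredictable as that seed, and a local user can read both values from `ps` or `/proc`. The added example below (illustrative code written for this page, not Cherokee's generate_admin_password) uses an assumed seeding formula `seconds * 65536 + pid` to make the point; the real arithmetic is not reproduced. It shows the local attacker's view, enumerating every password the generator could have produced in a small window, and the replacement using the OS CSPRNG via `secrets`.

```python
"""Weak (time + PID) seeding vs. CSPRNG for generated admin passwords.
Illustrative example, not Cherokee project code. The seed formula is an
assumption chosen to show the class of bug, not the project's real one."""
import math
import os
import random
import secrets
import string
import time

ALPHABET = string.ascii_letters + string.digits
PASSWORD_LEN = 8


def weak_admin_password(seconds, pid, length=PASSWORD_LEN):
    """Deterministic: anyone who knows (seconds, pid) gets the same password."""
    rng = random.Random(seconds * 65536 + pid)  # assumed seeding formula
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def strong_admin_password(length=PASSWORD_LEN):
    """Draws from the OS CSPRNG; no seed exists for an attacker to recover."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def enumerate_candidates(t_start, t_end, pid_lo, pid_hi):
    """Local attacker's precomputation: the process start time is visible to the
    second and the PID outright, so the whole seed space inside the window is
    tiny. Returns every password the weak generator could have produced."""
    return {
        weak_admin_password(t, p)
        for t in range(t_start, t_end + 1)
        for p in range(pid_lo, pid_hi + 1)
    }


def guessable_bits(n_candidates):
    """Effective entropy when the attacker only has to try n_candidates."""
    return math.log2(n_candidates)


def nominal_bits(length=PASSWORD_LEN, alphabet=ALPHABET):
    """What an 8-character alphanumeric password looks like on paper."""
    return length * math.log2(len(alphabet))


if __name__ == "__main__":
    now, pid = int(time.time()), os.getpid()
    pw = weak_admin_password(now, pid)
    # Attacker knows start time to within +/-30 s and PID to within +/-50.
    cands = enumerate_candidates(now - 30, now + 30, max(1, pid - 50), pid + 50)
    print("password recovered:", pw in cands)
    print("effective bits: %.1f vs nominal %.1f" % (guessable_bits(len(cands)), nominal_bits()))
    print("CSPRNG sample:", strong_admin_password())
```

The numbers are the whole story: the weak generator leaves roughly 12 bits of work for a local attacker who can read process metadata, against the 47-odd bits the password appears to have. The fix is not a better seed formula but an entropy source that has no seed to recover.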
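The CVE-2009-4489 entry is the log-injection variant where the victim is not the parser but the operator's terminal: a request line containing an escape sequence is written verbatim to the log, and `tail -f` later replays that sequence into whatever terminal emulator is watching. The added example below (written for this page, not Cherokee's header.c) shows the sanitisation step a practitioner would want before any attacker-controlled field reaches a log file. The function names are assumptions; the sample request path is constructed and carries an xterm "set window title" sequence.

```python
"""Sanitise attacker-controlled request fields before logging.
Illustrative example, not Cherokee project code."""


def sanitize_for_log(field: str) -> str:
    """Escape every byte outside printable ASCII as \\xNN.

    Works on the UTF-8 bytes so multi-byte and invalid sequences are handled
    uniformly. The backslash itself is escaped too, so a request containing the
    literal text "\\x1b" cannot masquerade as an already-escaped control byte.
    """
    out = []
    for b in field.encode("utf-8", "surrogateescape"):
        if 0x20 <= b <= 0x7E and b != 0x5C:
            out.append(chr(b))
        else:
            out.append("\\x%02x" % b)
    return "".join(out)


def format_access_line(client: str, method: str, path: str, status: int) -> str:
    """Common-log-style line with every string field sanitised."""
    return '%s "%s %s" %d' % (
        sanitize_for_log(client),
        sanitize_for_log(method),
        sanitize_for_log(path),
        status,
    )


# Constructed sample: path ending in an OSC sequence that retitles an xterm,
# plus a CRLF that would otherwise forge a second log line.
ATTACK_PATH = "/index.html\x1b]0;owned\x07\r\n127.0.0.1 \"GET /forged\" 200"

if __name__ == "__main__":
    print(format_access_line("127.0.0.1", "GET", ATTACK_PATH, 404))
```

Escaping rather than stripping keeps the evidence: an analyst reading the log still sees exactly which bytes arrived, and a SIEM rule can match on the `\x1b` token. The same function also closes the CRLF log-forging case shown in the sample, since `\r` and `\n` fall outside the printable range.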