Cherokee 1.2.98 (Cherokee Project): known vulnerabilities

Every entry below has an affected-version range that includes 1.2.98 (before 1.2.99, 1.2.103 and earlier, or through 1.2.104). Each entry lists the CVE identifier and publication date, the vulnerability title, the summary, and, where the source records them, the attack vector, attack complexity, vendor, CWE weakness class and CVSS score.
CVE-2020-12845 (published 2020-07-27)
Title: NULL Pointer Dereference vulnerability in Cherokee-Project Cherokee
Summary: Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to NULL pointer dereferences.
Attack vector: network | Attack complexity: low | Vendor: cherokee-project | Weakness: CWE-476 | Score: 7.5
CVE-2019-20800 (published 2020-05-18)
Title: Out-of-bounds Write vulnerability in Cherokee-Project Cherokee
Summary: In Cherokee through 1.2.104, remote attackers can trigger an out-of-bounds write in cherokee_handler_cgi_add_env_pair in handler_cgi.c by sending many request headers, as demonstrated by a GET request with many "Host: 127.0.0.1" headers.
Attack vector: network | Attack complexity: low | Vendor: cherokee-project | Weakness: CWE-787 | Score: 9.8 (critical)
CVE-2019-20799 (published 2020-05-18)
Title: Out-of-bounds Write vulnerability in Cherokee-Project Cherokee
Summary: In Cherokee through 1.2.104, multiple memory corruption errors may be used by a remote attacker to destabilize the server.
Attack vector: network | Attack complexity: low | Vendor: cherokee-project | Weakness: CWE-787 | Score: 5.0
CVE-2019-20798 (published 2020-05-18)
Title: Cross-site Scripting vulnerability in Cherokee-Project Cherokee
Summary: An XSS issue was discovered in handler_server_info.c in Cherokee through 1.2.104.
Attack vector: network | Attack complexity: low | Vendor: cherokee-project | Weakness: CWE-79 | Score: 8.4
CVE-2014-4668 (published 2014-07-02)
Title: Improper Authentication vulnerability in multiple products
Summary: The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password.
Score: 6.8
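The bypass in CVE-2014-4668 comes from LDAP's unauthenticated bind (RFC 4513 section 5.1.2): a simple bind with a non-empty DN and an empty password succeeds, but leaves the connection in an anonymous authorization state. A validator that only asks "did the bind succeed?" therefore accepts any username with a blank password. The following is an added example, not Cherokee's validator_ldap.c; the in-memory FakeDirectory, its credentials and the two check functions are constructed to model the weak check beside the corrected one.

```python
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class BindResult:
    success: bool
    # DN the connection is authorized as after the bind; None means anonymous
    authorized_as: Optional[str]


class FakeDirectory:
    """Constructed stand-in for an LDAP server that follows RFC 4513 bind rules.

    An empty password makes the bind succeed with anonymous authorization,
    regardless of the DN supplied. This is the behaviour real directories
    exhibit unless unauthenticated binds are explicitly disabled.
    """

    def __init__(self, credentials: Dict[str, str]) -> None:
        self.credentials = credentials  # DN -> password (constructed test data)

    def simple_bind(self, dn: str, password: str) -> BindResult:
        if password == "":
            # Anonymous bind (dn == "") or unauthenticated bind (dn != ""):
            # both succeed, neither authenticates the DN.
            return BindResult(success=True, authorized_as=None)
        if self.credentials.get(dn) == password:
            return BindResult(success=True, authorized_as=dn)
        return BindResult(success=False, authorized_as=None)


def ldap_check_vulnerable(directory: FakeDirectory, dn: str, password: str) -> bool:
    """Models the flawed logic: treats any successful bind as a valid login."""
    return directory.simple_bind(dn, password).success


def ldap_check_fixed(directory: FakeDirectory, dn: str, password: str) -> bool:
    """Never sends an empty password, and requires the bind to authorize
    exactly the DN that was supplied."""
    if not password:
        return False
    result = directory.simple_bind(dn, password)
    return result.success and result.authorized_as == dn


if __name__ == "__main__":
    directory = FakeDirectory({"uid=admin,ou=people,dc=example,dc=org": "s3cret"})
    dn = "uid=admin,ou=people,dc=example,dc=org"
    print("vulnerable, empty password:", ldap_check_vulnerable(directory, dn, ""))
    print("fixed, empty password:     ", ldap_check_fixed(directory, dn, ""))
    print("fixed, real password:      ", ldap_check_fixed(directory, dn, "s3cret"))
```

The client-side refusal of empty passwords is the part that fixes the validator; hardening the directory to reject unauthenticated binds is a separate defence-in-depth measure and does not help against a directory you do not control.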
CVE-2011-2191 (published 2011-10-07)
Title: Cross-Site Request Forgery (CSRF) vulnerability in Cherokee-Project Cherokee
Summary: Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee before 1.2.99 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, as demonstrated by a crafted nickname field to vserver/apply.
Score: 6.8
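CVE-2011-2191 chains two weaknesses in the admin interface: a state-changing request (vserver/apply) is honoured on the strength of the browser's session cookie alone, and the nickname it stores is later rendered unescaped. The block below is an added example, not cherokee-admin's code; the AdminSession object, the form and header dictionaries, and the admin host "localhost:9090" are constructed for illustration. It shows the unprotected handler next to one that requires a per-session synchronizer token and a same-origin check, and escapes the nickname on output.

```python
import hmac
import html
import secrets
from typing import Dict
from urllib.parse import urlsplit


class AdminSession:
    """Constructed server-side session state for one logged-in administrator."""

    def __init__(self) -> None:
        self.csrf_token = secrets.token_urlsafe(32)  # issued once per session
        self.vservers: Dict[str, str] = {}           # vserver id -> nickname


def vserver_apply_vulnerable(session: AdminSession, form: Dict[str, str]) -> bool:
    """Models the weak handler: any request carrying the admin's cookie is applied."""
    session.vservers[form["vserver"]] = form["nick"]
    return True


def request_is_same_origin(headers: Dict[str, str], admin_host: str) -> bool:
    """Defence in depth: the request must come from the admin UI's own origin.

    Compares the parsed host:port rather than using a string prefix, so
    'localhost:9090.attacker.example' or 'Origin: null' do not pass.
    """
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False
    return urlsplit(source).netloc == admin_host


def vserver_apply_fixed(session: AdminSession, form: Dict[str, str],
                        headers: Dict[str, str], admin_host: str) -> bool:
    """Applies the change only for same-origin requests that present the
    session's CSRF token (compared in constant time)."""
    if not request_is_same_origin(headers, admin_host):
        return False
    submitted = form.get("csrf_token", "")
    if not hmac.compare_digest(submitted.encode(), session.csrf_token.encode()):
        return False
    session.vservers[form["vserver"]] = form["nick"]
    return True


def render_nickname(session: AdminSession, vserver: str) -> str:
    """Escapes on output, so a stored '<script>' payload is shown, not executed."""
    return html.escape(session.vservers[vserver], quote=True)


if __name__ == "__main__":
    session = AdminSession()
    forged = {"vserver": "1", "nick": "<script>alert(1)</script>"}
    cross_site = {"Origin": "http://attacker.example"}
    print("vulnerable accepts forged request:",
          vserver_apply_vulnerable(session, forged))
    print("fixed accepts forged request:     ",
          vserver_apply_fixed(session, forged, cross_site, "localhost:9090"))
    print("rendered nickname:", render_nickname(session, "1"))
```

The token check alone defeats the forgery; the origin check is retained because a token leak (for example through a separate XSS) would otherwise give an attacker both halves at once.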
CVE-2011-2190 (published 2011-10-07)
Title: Cryptographic Issues vulnerability in Cherokee-Project Cherokee
Summary: The generate_admin_password function in Cherokee before 1.2.99 uses time and PID values for seeding of a random number generator, which makes it easier for local users to determine admin passwords via a brute-force attack.
Attack vector: local | Attack complexity: low | Vendor: cherokee-project | Weakness: CWE-310 | Score: 2.1
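The point of CVE-2011-2190 is the size of the seed space, not the quality of the generator: a local user can read the admin process's PID from the process table and its start time to within seconds, so the password is a function of a few hundred candidate seeds. The block below is an added example, not Cherokee's generate_admin_password; the LCG, the seed formula (start time XOR shifted PID), the alphabet and password length are all assumptions chosen to model the weakness. It recovers a password from the weak scheme by enumerating seeds, and shows the replacement that draws from the OS CSPRNG.

```python
import secrets
import string
from typing import Callable, Iterable, Optional, Tuple

ALPHABET = string.ascii_letters + string.digits  # 62 symbols (assumption)


class Lcg:
    """Constructed linear congruential generator standing in for libc rand().

    The exact constants do not matter for the attack: any deterministic
    generator seeded from (time, pid) yields a tiny candidate space.
    """

    def __init__(self, seed: int) -> None:
        self.state = seed & 0xFFFFFFFF

    def next(self) -> int:
        self.state = (1103515245 * self.state + 12345) & 0x7FFFFFFF
        return self.state >> 16


def weak_admin_password(start_time: int, pid: int, length: int = 10) -> str:
    """Models the weak scheme: the only entropy is the clock and the PID
    (seed formula is an assumption, not Cherokee's)."""
    rng = Lcg(start_time ^ (pid << 16))
    return "".join(ALPHABET[rng.next() % len(ALPHABET)] for _ in range(length))


def recover_weak_password(verify: Callable[[str], bool], t_min: int, t_max: int,
                          pids: Iterable[int]) -> Tuple[Optional[str], int]:
    """Enumerates (pid, start_time) seeds and returns the first password that
    `verify` accepts, plus the number of guesses it took.

    `verify` stands for whatever oracle the attacker has, e.g. a login attempt
    against the admin interface.
    """
    tried = 0
    for pid in pids:
        for t in range(t_min, t_max + 1):
            tried += 1
            guess = weak_admin_password(t, pid)
            if verify(guess):
                return guess, tried
    return None, tried


def strong_admin_password(length: int = 16) -> str:
    """The fix: draw every character from the OS CSPRNG, no seed to guess."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    true_start, true_pid = 1317945600, 4242          # constructed victim values
    secret = weak_admin_password(true_start, true_pid)
    # Attacker read the PID from `ps` and knows the start time to +/-60 s.
    found, tried = recover_weak_password(lambda g: g == secret,
                                         true_start - 60, true_start + 60, [true_pid])
    print(f"recovered {found!r} after {tried} guesses (secret was {secret!r})")
    print("strong replacement:", strong_admin_password())
```

With the PID known, the search is at most 121 guesses for a +/-60 second window; even without it, 65536 PIDs times that window is a few million guesses, well within a local user's reach. A 16-character password from a 62-symbol alphabet drawn via `secrets` has no seed to enumerate.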