Vulnerabilities > Cherokee > Cherokee Httpd > 0.4.17
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-04-11 | CVE-2006-1681 | Unspecified vulnerability in Cherokee Httpd Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated. network cherokee | 4.3 |
| 2005-01-10 | CVE-2004-1097 | Remote Format String vulnerability in Cherokee HTTPD Auth_Pam Authentication Format string vulnerability in the cherokee_logger_ncsa_write_string function in Cherokee 0.4.17 and earlier, when authenticating via auth_pam, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in the URL. | 10.0 |