Cherokee Web Server auth_pam Authentication Format String

Severity: High | Nessus Plugin ID 15617

Synopsis

The remote web server has a format string vulnerability.

Description

The remote host is running Cherokee, a fast and tiny web server.

The remote version of this software contains a format string vulnerability that is triggered when it processes authentication requests using the auth_pam module. A remote attacker could exploit this to cause a denial of service or potentially execute arbitrary code.

Solution

Upgrade to Cherokee 0.4.17.1 or later.

See Also

https://bugs.gentoo.org/show_bug.cgi?id=67667

Plugin Details

Severity: High

ID: 15617

File Name: cherokee_0_4_17.nasl

Version: 1.19

Type: remote

Family: Web Servers

Published: 11/3/2004

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 10/15/2004

Reference Information

CVE: CVE-2004-1097

BID: 11574