Cherokee-project Cherokee — known CVE vulnerabilities
Every CVE whose affected-product data names Cherokee-project Cherokee, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2019-20800 — CVSS 9.8 (critical): In Cherokee through 1.2.104, remote attackers can trigger an out-of-bounds write in cherokee_handler_cgi_add_env_pair in handler_cgi.c by…
CVE-2019-20798 — CVSS 8.4 (high): An XSS issue was discovered in handler_server_info.c in Cherokee through 1.2.104. The requested URL is improperly displayed on the About…
CVE-2020-12845 — CVSS 7.5 (high): Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereferences. A remote unauthenticated attacker can…
CVE-2019-20799 — CVSS 7.5 (high): In Cherokee through 1.2.104, multiple memory corruption errors may be used by a remote attacker to destabilize the work of a server.
CVE-2011-2191 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee before 1.2.99 allows remote attackers to hijack the…
CVE-2014-4668 — CVSS 6.8 (medium): The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly…
CVE-2009-4489 — CVSS 5.0 (medium): header.c in Cherokee before 0.99.32 writes data to a log file without sanitizing non-printable characters, which might allow remote…
CVE-2011-2190 — CVSS 2.1 (low): The generate_admin_password function in Cherokee before 1.2.99 uses time and PID values for seeding of a random number generator, which…