
cherokee project cherokee

17 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2020-12845
>= 0.4.27 and <= 1.2.104
Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereference. A remote unauthenticated attacke
7.5 HIGH
CVE-2019-20800
<= 1.2.104
In Cherokee through 1.2.104, remote attackers can trigger an out-of-bounds write in cherokee_handler_cgi_add_env_pair in handler_c
9.8 CRITICAL
CVE-2019-20799
<= 1.2.104
In Cherokee through 1.2.104, multiple memory corruption errors may be used by a remote attacker to destabilize the work of a serve
7.5 HIGH
CVE-2019-20798
<= 1.2.104
An XSS issue was discovered in handler_server_info.c in Cherokee through 1.2.104. The requested URL is improperly displayed on the
8.4 HIGH
CVE-2014-4668
<= 1.2.103
The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not proper
CVE-2011-2191
<= 1.2.98
Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee before 1.2.99 allows remote attackers to hijack the
CVE-2011-2190
<= 1.2.98
The generate_admin_password function in Cherokee before 1.2.99 uses time and PID values for seeding of a random number generator,
CVE-2009-4489
<= 0.99.31
header.c in Cherokee before 0.99.32 writes data to a log file without sanitizing non-printable characters, which might allow remot
CVE-2009-4587
all versions
Cherokee Web Server 0.5.4 allows remote attackers to cause a denial of service (daemon crash) via an MS-DOS reserved word in a URI
CVE-2009-3902
all versions
Directory traversal vulnerability in Cherokee Web Server 0.5.4 and earlier for Windows allows remote attackers to read arbitrary f
CVE-2006-1681
all versions
Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary web script
CVE-2004-1097
all versions
Format string vulnerability in the cherokee_logger_ncsa_write_string function in Cherokee 0.4.17 and earlier, when authenticating
CVE-2004-2171
all versions
Cross-site scripting (XSS) vulnerability in Cherokee before 0.4.8 allows remote attackers to inject arbitrary web script or HTML v
CVE-2004-1946
all versions
Format string vulnerability in the PRINT_ERROR function in common.c for Cherokee Web Server 0.4.16 and earlier allows local users
CVE-2003-1198
all versions
connection.c in Cherokee web server before 0.4.6 allows remote attackers to cause a denial of service via an HTTP POST request wit
CVE-2001-1433
all versions
Cherokee web server before 0.2.7 does not properly drop root privileges after binding to port 80, which could allow remote attacke
CVE-2001-1432
all versions
Directory traversal vulnerability in Cherokee Web Server allows remote attackers to read arbitrary files via a .. (dot dot) in the
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin