Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2004-1097
Last Modified: 05 Sep 2008 04:40:22
Published: 10 Jan 2005 12:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2004-1097

Summary

Format string vulnerability in the cherokee_logger_ncsa_write_string function in Cherokee 0.4.17 and earlier, when authenticating via auth_pam, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in the URL.

Vulnerable Systems

Application

  • Cherokee Httpd 0.1

  • Cherokee Httpd 0.1.5

  • Cherokee Httpd 0.1.6

  • Cherokee Httpd 0.2

  • Cherokee Httpd 0.2.5

  • Cherokee Httpd 0.2.6

  • Cherokee Httpd 0.2.7

  • Cherokee Httpd 0.4.17

  • Cherokee Httpd 0.4.6

  • Cherokee Httpd 0.4.7

  • Cherokee Httpd 0.4.8


References

BID - 11574

GENTOO - GLSA-200411-02

XF - cherokee-format-string(17934)

MISC - http://bugs.gentoo.org/show_bug.cgi?id=67667


Last Updated: 27 May 2016 10:38:54