Cherokee Directory Traversal Flaw Network Vulnerability

Summary

The remote host is running Cherokee - a fast and tiny web server. The remote version of this software is vulnerable to directory traversal flaw when appending a '../' sequence to the web request. Additionally, this version fails to drop root privileges after it binds to listen port. Remote attacker can then submit specially crafted web request to browse any file on the server with root privileges.

Solution

Upgrade to Cherokee 0.2.8 or newer

Severity

Classification

CVE CVE-2001-1432
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:C/I:N/A:N

Related Vulnerabilities

SSH Multiple Vulns
Too long OPTIONS parameter
NNTP password overflow
NSS Library SSLv2 Challenge Overflow
Array Networks vxAG/xAPV Authentication Bypass Vulnerabilities

Cherokee directory traversal flaw

Take action and discover your vulnerabilities