Cherokee is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input before it is written to log files. Attackers can exploit this issue to execute arbitrary commands in a terminal that is used to view those logs. Cherokee 0.99.30 and prior versions are vulnerable.
Updates are available. Please see the references for details.
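A defender-side check for the issue described above, added here as an example and not taken from the advisory or from Cherokee. It assumes the unsanitized input consists of non-printable control bytes such as terminal escape sequences; the function names and the sample log lines are constructed for illustration.

```python
import re

# Characters a terminal may interpret instead of display: C0 controls
# (tab excepted), DEL, and the C1 range. Assumption: these are the bytes
# that make a raw log unsafe to print. Raw UTF-8 bytes in 0x80-0x9f are
# flagged too, which is deliberately conservative.
_CONTROL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f-\x9f]")


def neutralize(line: str) -> str:
    """Replace every control character with a visible \\xNN escape."""
    return _CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), line)


def review_log(raw: bytes):
    """Return (line_number, safe_text) for each line that held control bytes."""
    findings = []
    for number, chunk in enumerate(raw.split(b"\n"), start=1):
        # Drop a CRLF line ending so it is not reported as a finding.
        chunk = chunk.rstrip(b"\r")
        # latin-1 maps each byte to one code point, so no byte is lost.
        text = chunk.decode("latin-1")
        if _CONTROL.search(text):
            findings.append((number, neutralize(text)))
    return findings


# Constructed sample access log; line 2 carries a harmless colour sequence.
SAMPLE_LOG = (
    b'192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512\n'
    b'192.0.2.11 - - [01/Jan/2010:10:00:05 +0000] "GET /\x1b[31mred\x1b[0m HTTP/1.1" 404 0\n'
    b'192.0.2.12 - - [01/Jan/2010:10:00:09 +0000] "GET /about HTTP/1.1" 200 128\r\n'
)

if __name__ == "__main__":
    for number, safe in review_log(SAMPLE_LOG):
        print(f"line {number}: {safe}")
```

Running the check over a log before opening it with `cat` or `tail` shows which requests carried control bytes, printed in a form the terminal will not act on.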
- Apache Tomcat Denial Of Service Vulnerability (Windows)
- Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
- IBM WebSphere Application Server (WAS) Multiple Vulnerabilities 02 - March 2011
- bozohttpd Security Bypass Vulnerability
- Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)