Cherokee is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input written to its log files. Attackers can exploit this issue to execute arbitrary commands in a terminal. Cherokee 0.99.30 and earlier versions are vulnerable.
Updates are available. Please see the references for details.
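The class of fix for this kind of issue, as an added example that is not Cherokee's own code or its actual patch: encode every request-derived byte a terminal could interpret before it reaches the log. It assumes the unsanitized input consists of non-printable bytes that take effect when the log is viewed in a terminal; `log_escape_field` and the sample request line are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Cherokee's API): copy a request-derived field into
 * a log line, rewriting every byte a terminal could interpret as \xHH.
 * Printable ASCII passes through, except '\\' and '"', which are also encoded
 * so the output is unambiguous and a field cannot close its own quotes.
 * Returns bytes written (excluding NUL), or (size_t)-1 if out is too small;
 * on failure out is left as an empty string so nothing partial gets logged. */
size_t log_escape_field(const char *in, size_t in_len, char *out, size_t out_cap)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;

    if (out_cap == 0)
        return (size_t)-1;
    for (size_t i = 0; i < in_len; i++) {
        unsigned char c = (unsigned char)in[i];
        int safe = (c >= 0x20 && c <= 0x7e && c != '\\' && c != '"');
        size_t need = safe ? 1 : 4;

        if (need > out_cap - 1 - o) {   /* always keep room for the NUL */
            out[0] = '\0';
            return (size_t)-1;
        }
        if (safe) {
            out[o++] = (char)c;
        } else {
            out[o++] = '\\';
            out[o++] = 'x';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0f];
        }
    }
    out[o] = '\0';
    return o;
}

int main(void)
{
    /* Constructed sample: a request line carrying an ESC byte (0x1b). */
    const char req[] = "GET /a\x1b[31mb HTTP/1.0";
    char safe[128];

    if (log_escape_field(req, sizeof req - 1, safe, sizeof safe) != (size_t)-1)
        printf("127.0.0.1 - - \"%s\" 200\n", safe);
    return 0;
}
```

Logs written by an unpatched server can be reviewed safely with a viewer that renders control bytes visibly, for example `cat -v`, instead of sending them raw to the terminal.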