Cherokee is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input written to its log files. Attackers can exploit this issue to execute arbitrary commands in a terminal. Cherokee 0.99.30 and prior are vulnerable.
Updates are available. Please see the references for details.
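The class of fix, as an added example that is not Cherokee's own code: request-derived bytes are made inert before they reach the log, so a terminal displaying the file has nothing to interpret. It assumes the unsanitized input consists of terminal control bytes, as the Boa entry in the list below names explicitly; `log_escape` and the sample request path are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Cherokee's code). Copies a request-derived field
 * into dst, rewriting every byte a terminal could act on as a visible \xNN
 * escape: C0 controls (ESC, CR, LF, BEL, ...), DEL, and all bytes >= 0x80,
 * which covers 8-bit C1 controls such as CSI (0x9b). Backslash is doubled so
 * the log stays unambiguous. Output is NUL-terminated and truncated only at
 * an escape boundary. Returns the number of bytes written, excluding the NUL. */
size_t log_escape(char *dst, size_t dstlen, const unsigned char *src, size_t srclen)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;

    if (dstlen == 0) return 0;
    for (size_t i = 0; i < srclen; i++) {
        unsigned char c = src[i];
        if (c == '\\') {
            if (o + 2 >= dstlen) break;          /* keep room for the NUL */
            dst[o++] = '\\'; dst[o++] = '\\';
        } else if (c < 0x20 || c >= 0x7f) {
            if (o + 4 >= dstlen) break;
            dst[o++] = '\\'; dst[o++] = 'x';
            dst[o++] = hex[c >> 4]; dst[o++] = hex[c & 0x0f];
        } else {
            if (o + 1 >= dstlen) break;
            dst[o++] = (char)c;
        }
    }
    dst[o] = '\0';
    return o;
}

int main(void)
{
    /* Constructed sample: a request path carrying a colour-change sequence and CRLF. */
    const char *path = "/a\x1b[31mb\r\n";
    char line[128];

    log_escape(line, sizeof line, (const unsigned char *)path, strlen(path));
    printf("GET %s HTTP/1.0\n", line);   /* control bytes appear as text, not as actions */
    return 0;
}
```

Escaping at write time protects every later reader of the file; viewing existing logs from an affected version through a pager or filter that shows control bytes literally covers entries already written.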
- Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
- Boa Webserver Terminal Escape Sequence in Logs Command Injection Vulnerability
- IBM WebSphere Application Server Cross-Site Request Forgery Vulnerability
- GoAhead WebServer 'name' and 'address' Cross-Site Scripting Vulnerabilities
- IBM WebSphere Application Server (WAS) Security Bypass Vulnerability - March 2011