Summary
Cherokee is prone to a directory-traversal vulnerability and an information- disclosure vulnerability because the application fails to sufficiently sanitize user-supplied input.
Exploiting the issues may allow an attacker to obtain sensitive information that could aid in further attacks.
Cherokee 0.5.4 and prior versions are vulnerable.
References
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- LiteSpeed Web Server Source Code Information Disclosure Vulnerability
- Apache HTTP Server Scoreboard Security Bypass Vulnerability (Windows)
- IBM WebSphere Application Multiple Vulnerabilities Jul-11
- IBM WebSphere Application Server Administration Console DoS vulnerability
- HServer Webserver Multiple Directory Traversal Vulnerabilities