Cross-Site Scripting In Cherokee Error Pages Network Vulnerability

Summary

The remote web server is vulnerable to a cross-site scripting issue. Description : The remote host is running Cherokee - a fast and tiny web server. Due to a lack of sanitization from the user input, The remote version of this software is vulnerable to cross-site scripting attacks due to lack of sanitization in returned error pages.

Solution

Upgrade to Cherokee 0.4.8 or newer.

Severity

Classification

CVE CVE-2004-2171

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

IBM WebSphere Application Server WS-Security XML Encryption Weakness Vulnerability
Apache HTTP Server mod_proxy_ajp Process Timeout DoS Vulnerability (Windows)
IBM WebSphere Application Server IVT Cross Site Scripting Vulnerability
Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)

Cross-Site Scripting in Cherokee Error Pages

Take action and discover your vulnerabilities