Summary
The remote web server is vulnerable to a cross-site scripting issue.
Description :
The remote host is running Cherokee - a fast and tiny web server.
Due to a lack of sanitization from the user input, The remote version of this software is vulnerable to cross-site scripting attacks due to lack of sanitization in returned error pages.
Solution
Upgrade to Cherokee 0.4.8 or newer.
Severity
Classification
-
CVE CVE-2004-2171 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- IBM WebSphere Application Server WS-Security XML Encryption Weakness Vulnerability
- IIS IDA/IDQ Path Disclosure
- Acme thttpd and mini_httpd Terminal Escape Sequence in Logs Command Injection Vulnerability
- IBM HTTP Server Multiple Cross Site Scripting Vulnerabilities
- Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability