Description
Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereference. A remote unauthenticated attacker can crash the server by sending an HTTP request to a protected resource with a malformed Authorization header, which is mishandled during a cherokee_buffer_add call within cherokee_validator_parse_basic or cherokee_validator_parse_digest.
Remediation
References
Related Vulnerabilities
PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-1975)
Opencart Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2010-1610)
SharePoint Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-1202)
Plone CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2012-5488)