Description

Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereferences. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mishandled during a cherokee_buffer_add call within cherokee_validator_parse_basic or cherokee_validator_parse_digest.

Remediation

References

CVE-2020-12845

Related Vulnerabilities

PHP Improper Input Validation Vulnerability (CVE-2015-4604)

Moodle DEPRECATED: Code Vulnerability (CVE-2015-3177)

Moodle Exposure of Resource to Wrong Sphere Vulnerability (CVE-2023-28336)

Joomla Deserialization of Untrusted Data Vulnerability (CVE-2019-7743)

WebLogic Out-of-bounds Write Vulnerability (CVE-2020-36518)

Severity

High

Classification

CVE-2020-12845 CWE-476 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Tags

Missing Update Known Vulnerabilities