Summary
Cherokee is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles.
Attackers can exploit this issue to execute arbitrary commands in a terminal.
Cherokee 0.99.30 and prior are vulnerable.
Solution
Updates are available. Please see the references for details.
References
Severity
Classification
-
CVE CVE-2009-4489 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Acritum Femitter Server URI Directory Traversal Vulnerability
- IBM WebSphere Application Server WS-Security XML Encryption Weakness Vulnerability
- Boa Webserver Terminal Escape Sequence in Logs Command Injection Vulnerability
- Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
- Home Web Server Graphical User Interface Remote Denial Of Service Vulnerability