Cherokee Terminal Escape Sequence In Logs Command Injection Vulnerability Network Vulnerability

Summary

Cherokee is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute arbitrary commands in a terminal. Cherokee 0.99.30 and prior are vulnerable.

Solution

Updates are available. Please see the references for details.

References

http://www.alobbs.com/modules.php?op=modload&name=cherokee&file=index
http://www.securityfocus.com/archive/1/508830
http://www.securityfocus.com/bid/37715

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-4489

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Home Web Server Graphical User Interface Remote Denial Of Service Vulnerability
IBM WebSphere Application Server Multiple Vulnerabilities
Check for dangerous IIS default files
Apache mod_include priviledge escalation
GoAhead WebServer 'name' and 'address' Cross-Site Scripting Vulnerabilities

Cherokee Terminal Escape Sequence in Logs Command Injection Vulnerability

Take action and discover your vulnerabilities