Cherokee: >> Cherokee Httpd >> 0.4.17 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated.
CVSS Score
4.3
EPSS Score
0.003
Published
2006-04-11
Format string vulnerability in the cherokee_logger_ncsa_write_string function in Cherokee 0.4.17 and earlier, when authenticating via auth_pam, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in the URL.
CVSS Score
10.0
EPSS Score
0.037
Published
2005-01-10