Signature Detail

Short Name	HTTP:STC:VULN:CHEROKEE-0-4-17-1
Severity	Info
Recommended	No
Category	HTTP
Keywords	Vulnerable Cherokee version (< 0.4.17.1)
Release Date	2005/03/10
Update Number	1213
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Vulnerable Cherokee version (< 0.4.17.1)

This signature detects Cherokee 0.4.17.1 and earlier versions, which are vulnerable to format string attacks.

Extended Description

It is reported that Cherokee is susceptible to a remote format string vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input before using it as the format specifier in a formatted printing function. A remote attacker may exploit this vulnerability to execute arbitrary code in the context of the affected service.

Affected Products

Cherokee Cherokee HTTPD 0.1.0
Cherokee Cherokee HTTPD 0.1.5
Cherokee Cherokee HTTPD 0.1.6
Cherokee Cherokee HTTPD 0.2.0
Cherokee Cherokee HTTPD 0.2.5
Cherokee Cherokee HTTPD 0.2.6
Cherokee Cherokee HTTPD 0.2.7
Cherokee Cherokee HTTPD 0.4.17
Cherokee Cherokee HTTPD 0.4.6
Cherokee Cherokee HTTPD 0.4.7
Cherokee Cherokee HTTPD 0.4.8

References

BugTraq: 11574
CVE: CVE-2004-1097
URL: http://www.securityfocus.com/advisories/7424
URL: http://www.gentoo.org/security/en/glsa/glsa-200411-02.xml
URL: http://www.kb.cert.org/vuls/id/245795

Signature Detail

Short Name

Severity

Recommended

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Vulnerable Cherokee version (< 0.4.17.1)

Extended Description

Affected Products

References