Test Kennung:	1.3.6.1.4.1.25623.1.0.15622
Kategorie:	Gain a shell remotely
Titel:	Cherokee remote command execution
Zusammenfassung:	The remote version of Cherokee is vulnerable to remote; command execution due to a lack of web requests sanitization, especially shell metacharacters.;; Additionally, this version fails to drop root privileges after it binds; to listen port.
Beschreibung:	Summary: The remote version of Cherokee is vulnerable to remote command execution due to a lack of web requests sanitization, especially shell metacharacters. Additionally, this version fails to drop root privileges after it binds to listen port. Vulnerability Impact: A remote attacker may submit a specially crafted web request to execute arbitrary command on the server with root privileges. Solution: Upgrade to Cherokee 0.2.7 or newer. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	BugTraq ID: 3771 BugTraq ID: 3773 Common Vulnerability Exposure (CVE) ID: CVE-2001-1433 http://www.securityfocus.com/bid/3771 CERT/CC vulnerability note: VU#245795 http://www.kb.cert.org/vuls/id/245795 http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0085.html XForce ISS Database: cherokee-http-insecure-privileges(7797) https://exchange.xforce.ibmcloud.com/vulnerabilities/7797
Copyright	Copyright (C) 2004 David Maciejak

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.