CVE-2009-4587 - Cherokee Web Server 0.5.4 allows remote attackers to cause a denial of service (daemon crash) via an

CVE-2009-4587

Summary

Cherokee Web Server 0.5.4 allows remote attackers to cause a denial of service (daemon crash) via an MS-DOS reserved word in a URI, as demonstrated by the AUX reserved word.

References

http://www.securityfocus.com/archive/1/507456/100/0/threaded
http://www.securityfocus.com/archive/1/507651/100/0/thread
http://www.securityfocus.com/bid/36814
http://www.securitytracker.com/id?1023095
http://xc0re.wordpress.com/2009/10/25/cherokee-web-server-0-5-4-denial-of-service/
https://exchange.xforce.ibmcloud.com/vulnerabilities/53957

Vulnerable Configurations

cpe:2.3:a:cherokee:cherokee:0.5.4:*:*:*:*:*:*:*
cpe:2.3:a:cherokee:cherokee:0.5.4:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 10-10-2018 - 19:49)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

bid	36814
bugtraq	20091026 Cherokee Web Server 0.5.4 Denial Of Service 20091103 Re: Cherokee Web Server 0.5.4 Denial Of Service
misc	http://xc0re.wordpress.com/2009/10/25/cherokee-web-server-0-5-4-denial-of-service/
sectrack	1023095
xf	cherokee-get-dos(53957)

Last major update

10-10-2018 - 19:49

Published

07-01-2010 - 18:30

Last modified

10-10-2018 - 19:49