CVE-2019-20799 - In Cherokee through 1.2.104, multiple memory corruption errors may be used by a remote attacker to d

CVE-2019-20799

Summary

In Cherokee through 1.2.104, multiple memory corruption errors may be used by a remote attacker to destabilize the work of a server.

References

Vulnerable Configurations

cpe:2.3:a:cherokee-project:cherokee:-:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:-:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.4.27:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.4.27:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.31:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.31:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.32:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.32:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.0.12:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.0.12:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.0.13:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.0.13:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.0.14:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.0.14:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.0.15:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.0.15:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.0.16:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.0.16:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.0.17:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.0.17:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.0.18:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.0.18:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.0.21:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.0.21:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.2.98:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.2.98:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.2.99:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.2.99:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.2.101:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.2.101:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.2.102:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.2.102:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.2.103:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.2.103:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.2.104:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.2.104:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 28-04-2022 - 19:30)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

gentoo	GLSA-202012-09
misc	https://github.com/cherokee/webserver/issues/1221 https://github.com/cherokee/webserver/issues/1222 https://github.com/cherokee/webserver/issues/1225 https://github.com/cherokee/webserver/issues/1226 https://logicaltrust.net/blog/2019/11/cherokee.html

Last major update

28-04-2022 - 19:30

Published

18-05-2020 - 00:15

Last modified

28-04-2022 - 19:30