|Title:||Cherokee Terminal Escape Sequence in Logs Command Injection Vulnerability|
|Summary:||Determine if Cherokee version is <= 0.99.30|
Cherokee is prone to a command-injection vulnerability because it
fails to adequately sanitize user-supplied input in logfiles.
Attackers can exploit this issue to execute arbitrary commands in
Cherokee 0.99.30 and prior are vulnerable.
Updates are available. Please see the references for details.
BugTraq ID: 37715|
Common Vulnerability Exposure (CVE) ID: CVE-2009-4489
Bugtraq: 20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection (Google Search)
|Copyright||This script is Copyright (C) 2010 Greenbone Networks GmbH|
|This is only one of 38907 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.