
Test ID: 1.3.6.1.4.1.25623.1.0.113693
Category: Web application abuses
Title: Cherokee Web Server <= 1.2.104 Multiple Vulnerabilities
Summary: Cherokee Web Server is prone to multiple vulnerabilities.
Description:

Vulnerability Insight:
The following vulnerabilities exist:

- Cross-site scripting (XSS) vulnerability in handler_server_info.c.

- Multiple memory corruption errors may be used by an attacker
to destabilize the server.

- Remote attackers can trigger an out-of-bounds write in
cherokee_handler_cgi_add_env_pair in handler_cgi.c
by sending many request headers in a single GET request.

Vulnerability Impact:
Successful exploitation would allow an attacker to prevent
other users from accessing the application, inject arbitrary HTML or JavaScript into the site,
or even gain control over the target system.

Affected Software/OS:
Cherokee Web Server through version 1.2.104.

Solution:
Update from the source code repository found in the references.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerabilities and Exposures (CVE) ID: CVE-2019-20798
https://security.gentoo.org/glsa/202012-09
https://github.com/cherokee/webserver/issues/1227
https://logicaltrust.net/blog/2019/11/cherokee.html
Common Vulnerabilities and Exposures (CVE) ID: CVE-2019-20799
https://github.com/cherokee/webserver/issues/1221
https://github.com/cherokee/webserver/issues/1222
https://github.com/cherokee/webserver/issues/1225
https://github.com/cherokee/webserver/issues/1226
Common Vulnerabilities and Exposures (CVE) ID: CVE-2019-20800
https://github.com/cherokee/webserver/issues/1224

Copyright: Copyright (C) 2020 Greenbone Networks GmbH
