| VID |
22301 |
| Severity |
20 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
According to its version number, the remote Cherokee Web Server is affected by a denial-of-service vulnerability in its handling of HTTP POST requests. Cherokee Web Server is a compact, open-source web server for Microsoft Windows, Linux and Unix-based operating systems. Cherokee versions prior to 0.4.6-20031226 are vulnerable: by sending a specially crafted POST request, a remote attacker could exploit this flaw to deny service to legitimate users of a vulnerable server.
* Note: This check relies solely on the version number of the remote web server to assess this vulnerability, so the result might be a false positive.
* References: http://www.secunia.com/advisories/10518/, http://www.osvdb.org/displayvuln.php?osvdb_id=3306
* Platforms Affected: Cherokee Development Team: Cherokee prior to 0.4.6-20031226; Unix: Any version; Linux: Any version |
| Recommendation |
Upgrade to the latest version of Cherokee (0.4.7 or later), available from the Cherokee Download Web page at http://www.alobbs.com/cherokee/download |
| Related URL |
CVE-2003-1198 (CVE) |
| Related URL |
9345 (SecurityFocus) |
| Related URL |
14119 (ISS) |
|