Cherokee web server before 0.2.7 does not properly drop root privileges after binding to port 80, which could allow remote attackers to gain privileges via other vulnerabilities.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cherokee_httpd | Cherokee | 0.1 (including) | 0.1 (including) |
| Cherokee_httpd | Cherokee | 0.1.5 (including) | 0.1.5 (including) |
| Cherokee_httpd | Cherokee | 0.1.6 (including) | 0.1.6 (including) |
| Cherokee_httpd | Cherokee | 0.2 (including) | 0.2 (including) |
| Cherokee_httpd | Cherokee | 0.2.5 (including) | 0.2.5 (including) |
| Cherokee_httpd | Cherokee | 0.2.6 (including) | 0.2.6 (including) |
References
- http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0085.html
- http://www.kb.cert.org/vuls/id/245795
- http://www.securityfocus.com/bid/3771
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7797
- http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0085.html
- http://www.kb.cert.org/vuls/id/245795
- http://www.securityfocus.com/bid/3771
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7797