Cherokee 0.4.17 Format String Vulnerability in cherokee_logger_ncsa_write_string Function

CVE-2004-1097 · HIGH Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Format string vulnerability in the cherokee_logger_ncsa_write_string function in Cherokee 0.4.17 and earlier, when authenticating via auth_pam, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in the URL.
