Nessus Plugin #15621
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
Cherokee directory traversal flaw
- Family:
- Gain a shell remotely
- Category:
- infos
- Copyright:
- This script is Copyright (C) 2004 David Maciejak
- Summary:
- Checks for version of Cherokee
- Version:
- $Revision: 1.1 $
- Cve_id:
- -
- Bugtraq_id:
- 3771, 3772
- Xrefs:
- -
- Description:
The remote host is running Cherokee - a fast and tiny web server.
The remote version of this software is vulnerable to directory
traversal flaw when appending a '../' sequence to the web request.
Additionally, this version fails to drop root privileges after it binds
to listen port.
Remote attacker can then submit specially crafted web request to
browse any file on the server with root privileges.
Solution : Upgrade to Cherokee 0.2.8 or newer
Risk factor : High
Generiert am 27.04.2005 um 18:49:54 Uhr.