Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Format string vulnerability in the cherokee_logger_ncsa_write_string function in Cherokee 0.4.17 and earlier, when authenticating via auth_pam, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in the URL.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Cherokee cherokee_logger_ncsa_write_string 格式串漏洞
Vulnerability Description
Cherokee是一款Web服务器,它支持HTTP负载平衡、日志记录和HTTP反向代理等。 Cherokee 0.4.17及之前版本的cherokee_logger_ncsa_write_string函数中存在格式化字符串漏洞。 通过auth_pam进行验证时,远程攻击者可以借助URL中的格式化字符串,造成拒绝服务(应用程序崩溃)并可能执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A