Описание
Cherokee web server before 0.2.7 does not properly drop root privileges after binding to port 80, which could allow remote attackers to gain privileges via other vulnerabilities.
Ссылки
- Exploit
- US Government Resource
- ExploitPatch
- Exploit
- US Government Resource
- ExploitPatch
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:cherokee:cherokee_httpd:0.1:*:*:*:*:*:*:*
cpe:2.3:a:cherokee:cherokee_httpd:0.1.5:*:*:*:*:*:*:*
cpe:2.3:a:cherokee:cherokee_httpd:0.1.6:*:*:*:*:*:*:*
cpe:2.3:a:cherokee:cherokee_httpd:0.2:*:*:*:*:*:*:*
cpe:2.3:a:cherokee:cherokee_httpd:0.2.5:*:*:*:*:*:*:*
cpe:2.3:a:cherokee:cherokee_httpd:0.2.6:*:*:*:*:*:*:*
EPSS
Процентиль: 79%
0.01268
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Cherokee web server before 0.2.7 does not properly drop root privileges after binding to port 80, which could allow remote attackers to gain privileges via other vulnerabilities.
EPSS
Процентиль: 79%
0.01268
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other