CVE-2001-1432

Description

Directory traversal vulnerability in Cherokee Web Server allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.

Affected products

• cherokee / cherokee_httpd0.1 – 0.1
• cherokee / cherokee_httpd0.1.5 – 0.1.5
• cherokee / cherokee_httpd0.1.6 – 0.1.6
• cherokee / cherokee_httpd0.2 – 0.2
• cherokee / cherokee_httpd0.2.5 – 0.2.5
• cherokee / cherokee_httpd0.2.6 – 0.2.6
• cherokee / cherokee_httpd0.2.7 – 0.2.7

References

• MISChttp://archives.neohapsis.com/archives/vulnwatch/2001-q4/0085.html
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/7799
• MISChttp://www.securityfocus.com/bid/3772
• MISChttp://www.kb.cert.org/vuls/id/464827