CVE-2001-1433

Description

Cherokee web server before 0.2.7 does not properly drop root privileges after binding to port 80, which could allow remote attackers to gain privileges via other vulnerabilities.

Affected products

• cherokee / cherokee_httpd0.1 – 0.1
• cherokee / cherokee_httpd0.1.5 – 0.1.5
• cherokee / cherokee_httpd0.1.6 – 0.1.6
• cherokee / cherokee_httpd0.2 – 0.2
• cherokee / cherokee_httpd0.2.5 – 0.2.5
• cherokee / cherokee_httpd0.2.6 – 0.2.6

References

• MISChttp://archives.neohapsis.com/archives/vulnwatch/2001-q4/0085.html
• MISChttp://www.kb.cert.org/vuls/id/245795
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/7797
• MISChttp://www.securityfocus.com/bid/3771