Description
Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated.
Affected products
- cherokee / cherokee_httpd 0.1
- cherokee / cherokee_httpd 0.1.5
- cherokee / cherokee_httpd 0.1.6
- cherokee / cherokee_httpd 0.2
- cherokee / cherokee_httpd 0.2.5
- cherokee / cherokee_httpd 0.2.6
- cherokee / cherokee_httpd 0.2.7
- cherokee / cherokee_httpd 0.4.6
- cherokee / cherokee_httpd 0.4.7
- cherokee / cherokee_httpd 0.4.8
- cherokee / cherokee_httpd 0.4.9
- cherokee / cherokee_httpd 0.4.17
- cherokee / cherokee_httpd 0.5
Exploits & PoCs
- nuclei: Cherokee HTTPD <=0.5 - Cross-Site Scripting, by geeknik
References
- MISC: http://www.securityfocus.com/archive/1/430385/100/0/threaded
- MISC: http://www.securityfocus.com/bid/17408
- VENDOR_ADVISORY: http://secunia.com/advisories/19587
- VENDOR_ADVISORY: http://www.vupen.com/english/advisories/2006/1292
- MISC: https://exchange.xforce.ibmcloud.com/vulnerabilities/25698
- MISC: http://www.osvdb.org/24469
- MISC: https://security.gentoo.org/glsa/202012-09