{"vuid":"VU#711315","idnumber":"711315","name":"Cherokee Web Server does not adequately validate user input thereby allowing remote command execution","keywords":["Cherokee Web Server","user input","remote command execution"],"overview":"Cherokee does not properly validate HTTP requests. Attackers may exploit this vulnerability to execute arbitrary commands as root.","clean_desc":"Cherokee is a compact, open-source web server. Cherokee passes Uniform Resource Identifiers (URIs) from HTTP requests directly to the shell without filtering shell metacharacters. As a result, attackers can cause Cherokee to execute arbitrary commands by embedding the commands in an HTTP URI. Cherokee is designed to start as root and drop root privileges after binding to port 80. However, versions of Cherokee prior to 0.2.7 fail to drop privileges properly. By attacking these versions of Cherokee, attackers may execute arbitrary commands as root.","impact":"Attackers can run arbitrary commands with privileges of the Cherokee listener process, which may include root privileges.","resolution":"Upgrade to Cherokee 0.2.7: http://aurora.esi.uem.es/~alo/cherokee/Cherokee-0.2.7.tar.gz","workarounds":"","sysaffected":"","thanks":"Thanks to GOBBLES for reporting this vulnerability.","author":"This document was written by Shawn Van Ittersum.","public":["http://aurora.esi.uem.es/~alo/?action=cherokee","http://www.securityfocus.com/bid/3773"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2002-01-04T15:41:14Z","publicdate":"2001-12-29T00:00:00Z","datefirstpublished":"2002-09-24T17:43:36Z","dateupdated":"2002-09-24T17:43:40Z","revision":7,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"4","cam_impact":"19","cam_easeofexploitation":"15","cam_attackeraccessrequired":"20","cam_scorecurrent":"8.55","cam_scorecurrentwidelyknown":"10.6875","cam_scorecurrentwidelyknownexploited":"19.2375","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":8.55,"vulnote":null}