CVE-2020-12845
Published: Jul 27, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereference. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mishandled during a cherokee_buffer_add call within cherokee_validator_parse_basic or cherokee_validator_parse_digest.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
https://github.com/cherokee/webserver/releases (x_refsource_MISC)
http://cherokee-project.com/downloads.html (x_refsource_MISC)
https://github.com/cherokee/webserver/issues/1242 (x_refsource_MISC)
GLSA-202012-09 (vendor-advisory, x_refsource_GENTOO)