Overview
Cherokee does not properly validate HTTP requests. Attackers may exploit this vulnerability to execute arbitrary commands as root.
Description
Cherokee is a compact, open-source web server. Cherokee passes Uniform Resource Identifiers (URIs) from HTTP requests directly to the shell without filtering shell metacharacters. As a result, attackers can cause Cherokee to execute arbitrary commands by embedding the commands in an HTTP URI. Cherokee is designed to start as root and drop root privileges after binding to port 80. However, versions of Cherokee prior to 0.2.7 fail to drop privileges properly. By attacking these versions of Cherokee, attackers may execute arbitrary commands as root.
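A defender-side check for the class of flaw described above, added here as an example (it is not Cherokee code and not part of the original note): it parses constructed Common Log Format access-log lines and flags any request whose percent-decoded URI carries shell metacharacters, the condition under which an unfiltered pass to the shell becomes command execution. The log format, the sample lines and the metacharacter set are assumptions of this example.

```python
import re
from urllib.parse import unquote

# Common Log Format: client, identd, user, [time], "METHOD URI PROTO", status, bytes.
CLF = re.compile(r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
                 r'"(?P<method>\S+) (?P<uri>\S+) \S+" (?P<status>\d{3}) \S+')

# Tokens a web server must never forward unfiltered to /bin/sh.
SHELL_META = re.compile(r'\$\(|\|\||&&|[;|&`$<>\n\r]')

# Constructed sample log lines (assumption of this example; not from any real server).
SAMPLE_LOG = """\
192.0.2.10 - - [29/Dec/2001:10:00:01 +0000] "GET /index.html HTTP/1.0" 200 512
192.0.2.11 - - [29/Dec/2001:10:00:02 +0000] "GET /cgi-bin/env.cgi;id HTTP/1.0" 200 88
192.0.2.12 - - [29/Dec/2001:10:00:03 +0000] "GET /docs/%7Cid HTTP/1.0" 404 0
192.0.2.13 - - [29/Dec/2001:10:00:04 +0000] "GET /files/report%202001.pdf HTTP/1.0" 200 4096
"""


def decode_uri(raw: str, rounds: int = 2) -> str:
    """Percent-decode up to `rounds` times so double-encoded metacharacters
    (e.g. %257C -> %7C -> |) are exposed as well; stop once the value is stable."""
    cur = raw
    for _ in range(rounds):
        nxt = unquote(cur)
        if nxt == cur:
            break
        cur = nxt
    return cur


def shell_metacharacters(uri: str) -> list[str]:
    """Return the distinct shell metacharacter tokens found in a decoded URI."""
    return sorted(set(SHELL_META.findall(uri)))


def scan_log(text: str) -> list[dict]:
    """Parse CLF lines and report requests whose decoded URI contains shell metacharacters."""
    hits = []
    for line in text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # skip lines that are not in Common Log Format
        decoded = decode_uri(m['uri'])
        meta = shell_metacharacters(decoded)
        if meta:
            hits.append({'client': m['client'], 'uri': m['uri'],
                         'decoded': decoded, 'meta': meta})
    return hits


if __name__ == '__main__':
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['client']} {hit['uri']} -> {hit['meta']}")
```

The same `shell_metacharacters` check, applied before a URI is ever handed to a shell, is the input-validation step the affected server lacked.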
Impact
Attackers can run arbitrary commands with privileges of the Cherokee listener process, which may include root privileges.
Solution
Upgrade
Vendor Information
CVSS Metrics
References
Acknowledgements
Thanks to GOBBLES for reporting this vulnerability.
This document was written by Shawn Van Ittersum.
Other Information
CVE IDs: None
Severity Metric: 8.55
Date Public: 2001-12-29
Date First Published: 2002-09-24
Date Last Updated: 2002-09-24 17:43 UTC
Document Revision: 7