Vulnerability Description
Format string vulnerability in the PRINT_ERROR function in common.c for Cherokee Web Server 0.4.16 and earlier allows local users to execute arbitrary code via format string specifiers in the -C command line argument. NOTE: it is not clear whether this issue could be exploited remotely, or if Cherokee is running at escalated privileges. Therefore it might not be a vulnerability.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cherokee | Cherokee Httpd | 0.4.16 |
References
- http://marc.info/?l=bugtraq&m=108249818308672&w=2
- http://www.nosystem.com.ar/advisories/advisory-03.txtExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15924
- http://marc.info/?l=bugtraq&m=108249818308672&w=2
- http://www.nosystem.com.ar/advisories/advisory-03.txtExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15924
FAQ
What is CVE-2004-1946?
CVE-2004-1946 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Format string vulnerability in the PRINT_ERROR function in common.c for Cherokee Web Server 0.4.16 and earlier allows local users to execute arbitrary code via format string specifiers in the -C comma...
How severe is CVE-2004-1946?
CVE-2004-1946 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1946?
Check the references section above for vendor advisories and patch information. Affected products include: Cherokee Cherokee Httpd.