CVE-2020-12845
 
Public Exploits: 1
Exploited in Wild: -
Descriptions
Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereference. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mishandled during a cherokee_buffer_add call within cherokee_validator_parse_basic or cherokee_validator_parse_digest.
SSVC
- Decision: -
Timeline
- 2020-05-14 CVE Reserved
- 2020-07-27 CVE Published
- 2023-07-16 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-476: NULL Pointer Dereference
References (4)
URL | Tag | Date |
---|---|---|
https://github.com/cherokee/webserver/releases | Third Party Advisory | |
https://github.com/cherokee/webserver/issues/1242 | | 2024-08-04 |
http://cherokee-project.com/downloads.html | | 2022-11-29 |
https://security.gentoo.org/glsa/202012-09 | | 2022-11-29 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Cherokee-project | Cherokee | >= 0.4.27 <= 1.2.104 | - | Affected |