CVE-2004-1097
Summary
Format string vulnerability in the cherokee_logger_ncsa_write_string function in Cherokee 0.4.17 and earlier, when authenticating via auth_pam, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in the URL.
- LOW
- NETWORK
- NONE
- COMPLETE
- COMPLETE
- COMPLETE
References
Advisory Timeline
- Published