Cherokee 0.4.27 to 1.2.104 is affected by a denial of service vulnerability caused by NULL pointer dereferences. Attackers can crash the server by sending a malformed HTTP request containing Authorization headers that the server mishandles.
Understanding CVE-2020-12845
Cherokee web server versions 0.4.27 to 1.2.104 are susceptible to a denial of service attack.
What is CVE-2020-12845?
This CVE describes a vulnerability in Cherokee web server versions 0.4.27 to 1.2.104 that allows remote unauthenticated attackers to crash the server by exploiting NULL pointer dereferences.
The Impact of CVE-2020-12845
The vulnerability can be exploited by sending a specially crafted HTTP request to protected resources, leading to a denial of service condition.
Technical Details of CVE-2020-12845
Cherokee web server vulnerability details.
Vulnerability Description
A NULL pointer dereference vulnerability in Cherokee web server versions 0.4.27 to 1.2.104 allows remote attackers to crash the server by sending a malformed HTTP request containing Authorization headers that the server mishandles.
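The bug class described above, as an added C example that is not Cherokee's code: a credential parser that leaves its fields NULL on malformed input, a caller that ignores the failure, and a hardened caller that turns it into an authentication failure. The struct, function names and sample credentials are hypothetical and constructed for illustration, and base64 decoding is assumed to have happened already.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical credential holder: both fields are NULL until a parse succeeds. */
struct creds { char *user; char *passwd; };

/* Split an already base64-decoded Basic credential "user:password".
 * Returns 0 on success, -1 on malformed input (fields stay NULL). */
static int parse_decoded(const char *decoded, struct creds *c)
{
    const char *colon;
    c->user = c->passwd = NULL;
    if (decoded == NULL || (colon = strchr(decoded, ':')) == NULL)
        return -1;
    size_t ulen = (size_t)(colon - decoded);
    c->user = malloc(ulen + 1);
    c->passwd = malloc(strlen(colon + 1) + 1);
    if (c->user == NULL || c->passwd == NULL) {
        free(c->user); free(c->passwd);
        c->user = c->passwd = NULL;
        return -1;
    }
    memcpy(c->user, decoded, ulen);
    c->user[ulen] = '\0';
    strcpy(c->passwd, colon + 1);
    return 0;
}

/* Bug pattern: the parse result is ignored, so malformed input reaches
 * strcmp() with NULL pointers and the serving process crashes. */
int check_unsafe(const char *decoded, const char *u, const char *p)
{
    struct creds c;
    parse_decoded(decoded, &c);
    return strcmp(c.user, u) == 0 && strcmp(c.passwd, p) == 0;
}

/* Hardened: malformed input is an authentication failure, never a
 * dereference. Returns the HTTP status to send: 200 or 401. */
int check_safe(const char *decoded, const char *u, const char *p)
{
    struct creds c;
    int ok = parse_decoded(decoded, &c) == 0
          && strcmp(c.user, u) == 0 && strcmp(c.passwd, p) == 0;
    free(c.user); free(c.passwd);
    return ok ? 200 : 401;
}

int main(void) { printf("%d\n", check_safe("no-colon", "alice", "s3cret")); return 0; }
```

The hardened caller rejects every input the parser could not split, so the comparison never sees a NULL pointer.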
Affected Systems and Versions
Exploitation Mechanism
Mitigation and Prevention
Protecting systems from CVE-2020-12845.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates