CVE-2020-12845 : What You Need to Know

Cherokee 0.4.27 to 1.2.104 is affected by a denial of service vulnerability due to NULL pointer dereferences. Attackers can crash the server by sending a malformed HTTP request with mishandled Authorization headers.

Understanding CVE-2020-12845

Cherokee web server versions 0.4.27 to 1.2.104 are susceptible to a denial of service attack.

What is CVE-2020-12845?

This CVE describes a vulnerability in Cherokee web server versions 0.4.27 to 1.2.104 that allows remote unauthenticated attackers to crash the server by exploiting NULL pointer dereferences.

The Impact of CVE-2020-12845

The vulnerability can be exploited by sending a specially crafted HTTP request to protected resources, leading to a denial of service condition.

Technical Details of CVE-2020-12845

Cherokee web server vulnerability details.

Vulnerability Description

A NULL pointer dereference vulnerability in Cherokee web server versions 0.4.27 to 1.2.104 allows remote attackers to crash the server by sending a malformed HTTP request with mishandled Authorization headers.

Affected Systems and Versions

Cherokee web server versions 0.4.27 to 1.2.104

Exploitation Mechanism

Attackers exploit the vulnerability by sending a specially crafted HTTP request with malformed Authorization headers.

Mitigation and Prevention

Protecting systems from CVE-2020-12845.

Immediate Steps to Take

Apply security patches provided by Cherokee to address the vulnerability.
Monitor network traffic for any suspicious activity targeting the Cherokee web server.

Long-Term Security Practices

Regularly update and patch the Cherokee web server to prevent known vulnerabilities.
Implement network security measures to detect and block malicious traffic targeting the server.

Patching and Updates

Check Cherokee's official website for security advisories and updates to mitigate the CVE-2020-12845 vulnerability.