Unrated severityNVD Advisory· Published Dec 29, 2001· Updated Apr 16, 2026

CVE-2001-1433

Description

Cherokee web server before 0.2.7 does not properly drop root privileges after binding to port 80, which could allow remote attackers to gain privileges via other vulnerabilities.

Affected products

Cherokee/Cherokee Httpd6 versions
cpe:2.3:a:cherokee:cherokee_httpd:0.1:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:cherokee:cherokee_httpd:0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cherokee:cherokee_httpd:0.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:cherokee:cherokee_httpd:0.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:cherokee:cherokee_httpd:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:cherokee:cherokee_httpd:0.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:cherokee:cherokee_httpd:0.2.6:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

archives.neohapsis.com/archives/vulnwatch/2001-q4/0085.htmlnvdExploit
www.securityfocus.com/bid/3771nvdExploitPatch
www.kb.cert.org/vuls/id/245795nvdUS Government Resource
exchange.xforce.ibmcloud.com/vulnerabilities/7797nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000