VYPR
Unrated severityNVD Advisory· Published Jan 10, 2005· Updated Jun 16, 2026

CVE-2004-1097

CVE-2004-1097

Description

Format string vulnerability in the cherokee_logger_ncsa_write_string function in Cherokee 0.4.17 and earlier, when authenticating via auth_pam, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in the URL.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

12
  • cpe:2.3:a:cherokee:cherokee_httpd:0.1:*:*:*:*:*:*:*+ 11 more
    • cpe:2.3:a:cherokee:cherokee_httpd:0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cherokee:cherokee_httpd:0.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:cherokee:cherokee_httpd:0.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:cherokee:cherokee_httpd:0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:cherokee:cherokee_httpd:0.2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:cherokee:cherokee_httpd:0.2.6:*:*:*:*:*:*:*
    • cpe:2.3:a:cherokee:cherokee_httpd:0.2.7:*:*:*:*:*:*:*
    • cpe:2.3:a:cherokee:cherokee_httpd:0.4.17:*:*:*:*:*:*:*
    • cpe:2.3:a:cherokee:cherokee_httpd:0.4.6:*:*:*:*:*:*:*
    • cpe:2.3:a:cherokee:cherokee_httpd:0.4.7:*:*:*:*:*:*:*
    • cpe:2.3:a:cherokee:cherokee_httpd:0.4.8:*:*:*:*:*:*:*
    • (no CPE)range: <=0.4.17

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.