[原文]Format string vulnerability in the cherokee_logger_ncsa_write_string function in Cherokee 0.4.17 and earlier, when authenticating via auth_pam, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in the URL.
Cherokee Web Server auth_pam Authentication Format String
Remote / Network Access,
Local / Remote,
Loss of Integrity,
Loss of Availability
Cherokee contains a format string vulnerability. The issue is triggered when a remote attacker sends a specially crafted URL when authenticating using auth_pam. It is possible that the flaw may allow arbitrary code execution or a denial of service condition resulting in a loss of integrity or availability.
Upgrade to version 0.4.17.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.