CVE-2001-1433

Cherokee web server before 0.2.7 does not properly drop root privileges after binding to port 80, which could allow remote attackers to gain privileges via other vulnerabilities.

Published: Dec 29, 2001
Updated: Apr 13, 2023
CVE: CVE-2001-1433
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
cherokee / cherokee_httpd	0.2	0.2.x
cherokee / cherokee_httpd	0.1.6	0.1.6.x
cherokee / cherokee_httpd	0.2.6	0.2.6.x
cherokee / cherokee_httpd	0.2.5	0.2.5.x
cherokee / cherokee_httpd	0.1	0.1.x
cherokee / cherokee_httpd	0.1.5	0.1.5.x

http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0085.html
http://www.kb.cert.org/vuls/id/245795
http://www.securityfocus.com/bid/3771
https://exchange.xforce.ibmcloud.com/vulnerabilities/7797

Vulnerability Database

290,476

CVE-2001-1433