Cherokee web server before 0.2.7 does not properly drop root privileges after binding to port 80, which could allow remote attackers to gain privileges via other vulnerabilities.
| Software | From | Fixed in |
|---|---|---|
| cherokee / cherokee_httpd | 0.1 | 0.1.x |
| cherokee / cherokee_httpd | 0.1.5 | 0.1.5.x |
| cherokee / cherokee_httpd | 0.1.6 | 0.1.6.x |
| cherokee / cherokee_httpd | 0.2 | 0.2.x |
| cherokee / cherokee_httpd | 0.2.5 | 0.2.5.x |
| cherokee / cherokee_httpd | 0.2.6 | 0.2.6.x |