ID

VAR-201907-1212


CVE

CVE-2019-1010218


TITLE

Cherokee Web Server Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2019-006710 // CNNVD: CNNVD-201907-1181

DESCRIPTION

Cherokee Web Server up to version 1.2.103 (current stable) is affected by a buffer overflow (CWE-120). The impact is a crash. The affected component is the main cherokee command. The attack vector is overwriting argv[0] to an extremely long value with execl. There is no fixed version yet. Cherokee Web Server contains a buffer error vulnerability that may put the service into a denial-of-service (DoS) state. Cherokee Web Server is a web server for high-concurrency web applications. A buffer overflow vulnerability exists in Cherokee Web Server 1.2.103 and earlier. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow.

Trust: 2.25

sources: NVD: CVE-2019-1010218 // JVNDB: JVNDB-2019-006710 // CNVD: CNVD-2019-24007 // VULMON: CVE-2019-1010218

IOT TAXONOMY

category: ['ICS', 'Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-24007

AFFECTED PRODUCTS

vendor: cherokee, model: web server, scope: lte, version: 1.2.103

Trust: 1.8

vendor: cherokee, model: web server, scope: lte, version: <=1.2.103

Trust: 0.6

sources: CNVD: CNVD-2019-24007 // JVNDB: JVNDB-2019-006710 // NVD: CVE-2019-1010218

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1010218
value: HIGH

Trust: 1.0

NVD: CVE-2019-1010218
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-24007
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201907-1181
value: HIGH

Trust: 0.6

VULMON: CVE-2019-1010218
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1010218
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-24007
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-1010218
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-1010218
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-24007 // VULMON: CVE-2019-1010218 // JVNDB: JVNDB-2019-006710 // CNNVD: CNNVD-201907-1181 // NVD: CVE-2019-1010218

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-120

Trust: 1.0

problemtype:CWE-119

Trust: 0.8

sources: JVNDB: JVNDB-2019-006710 // NVD: CVE-2019-1010218

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-1181

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201907-1181

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006710

PATCH

title: Cherokee Web Server, url: https://github.com/cherokee/webserver

Trust: 0.8

title: -, url: https://github.com/CPAN-Security/Net-NVD

Trust: 0.1

sources: VULMON: CVE-2019-1010218 // JVNDB: JVNDB-2019-006710

EXTERNAL IDS

db: NVD, id: CVE-2019-1010218

Trust: 3.1

db: JVNDB, id: JVNDB-2019-006710

Trust: 0.8

db: CNVD, id: CNVD-2019-24007

Trust: 0.6

db: CNNVD, id: CNNVD-201907-1181

Trust: 0.6

db: VULMON, id: CVE-2019-1010218

Trust: 0.1

sources: CNVD: CNVD-2019-24007 // VULMON: CVE-2019-1010218 // JVNDB: JVNDB-2019-006710 // CNNVD: CNNVD-201907-1181 // NVD: CVE-2019-1010218

REFERENCES

url:https://i.imgur.com/pwccyir.png

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-1010218

Trust: 2.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1010218

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://github.com/cpan-security/net-nvd

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2019-24007 // VULMON: CVE-2019-1010218 // JVNDB: JVNDB-2019-006710 // CNNVD: CNNVD-201907-1181 // NVD: CVE-2019-1010218

SOURCES

db: CNVD, id: CNVD-2019-24007
db: VULMON, id: CVE-2019-1010218
db: JVNDB, id: JVNDB-2019-006710
db: CNNVD, id: CNNVD-201907-1181
db: NVD, id: CVE-2019-1010218

LAST UPDATE DATE

2024-11-23T22:58:37.781000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-24007, date: 2019-07-24T00:00:00
db: VULMON, id: CVE-2019-1010218, date: 2020-09-30T00:00:00
db: JVNDB, id: JVNDB-2019-006710, date: 2019-07-25T00:00:00
db: CNNVD, id: CNNVD-201907-1181, date: 2020-10-09T00:00:00
db: NVD, id: CVE-2019-1010218, date: 2024-11-21T04:18:03.857

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-24007, date: 2019-07-24T00:00:00
db: VULMON, id: CVE-2019-1010218, date: 2019-07-22T00:00:00
db: JVNDB, id: JVNDB-2019-006710, date: 2019-07-25T00:00:00
db: CNNVD, id: CNNVD-201907-1181, date: 2019-07-22T00:00:00
db: NVD, id: CVE-2019-1010218, date: 2019-07-22T18:15:10.917