cherokee / webserver

Cherokee Web Server
GNU General Public License v2.0

Cherokee Web Server handler_error.c cross-site scripting CVE-2006-1681 #1209

Open godpit opened 6 years ago

godpit commented 6 years ago

How to resolve this problem, please?

godpit commented 6 years ago

Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated.
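As an added illustration of the defensive fix this class of bug calls for (example code written for this thread, not Cherokee's handler_error.c; the function names are hypothetical), a 400 error body that HTML-escapes the echoed request line before inserting it into the page:

```c
#include <stdio.h>
#include <string.h>

/* Append an HTML-escaped copy of src to dst (total capacity cap).
 * Returns the new length, or -1 if the escaped text would not fit. */
static int html_escape_append(char *dst, size_t cap, const char *src)
{
    size_t used = strlen(dst);
    for (; *src; src++) {
        char one[2] = { *src, '\0' };
        const char *rep;
        switch (*src) {
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '&':  rep = "&amp;";  break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        default:   rep = one;      break;
        }
        size_t n = strlen(rep);
        if (used + n + 1 > cap) return -1;
        memcpy(dst + used, rep, n);
        used += n;
    }
    dst[used] = '\0';
    return (int)used;
}

/* Build the body of a 400 error page that echoes the offending request line.
 * The client-supplied text passes through html_escape_append, so a request like
 * "GET /<script>alert(1)</script> HTTP/1.1" is displayed as text rather than
 * executed by the browser rendering the error page. Returns length or -1. */
int build_400_body(char *out, size_t cap, const char *request_line)
{
    const char *head = "<html><body><h1>400 Bad Request</h1><p>Malformed request: ";
    const char *tail = "</p></body></html>";   /* room for this is reserved below */
    if (strlen(head) + strlen(tail) + 1 > cap) return -1;
    strcpy(out, head);
    if (html_escape_append(out, cap - strlen(tail), request_line) < 0) return -1;
    strcat(out, tail);
    return (int)strlen(out);
}

int main(void)
{
    char body[512];   /* constructed sample request, the kind a scanner sends */
    if (build_400_body(body, sizeof body, "GET /<script>alert(1)</script> HTTP/1.1") > 0)
        puts(body);
    return 0;
}
```

The length checks matter as much as the escaping: an error handler that copies an attacker-controlled request line into a fixed buffer has two ways to fail, and only the escaping half is what CVE-2006-1681 describes.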

skinkie commented 6 years ago

Is this issue still present in the latest version? We are much further than 2006 :)

godpit commented 6 years ago

I don't know where I used Cherokee Web Server. The error was scanned by the scanning tool.

skinkie commented 6 years ago

Which tool did you use, so I can try to reproduce the problem?

godpit commented 6 years ago

I don't know, this is the result of a third party security scanning company. Can you tell me where I would be using the Cherokee Web Server, or in what scenario?

skinkie commented 6 years ago

I'll see if I can reproduce it soon :)

godpit commented 6 years ago

The third party security scanning company scanned my port of the server, but I didn't use 'cherokee'. This port is monitored by one of my web applications.

skinkie commented 5 years ago

This might be the same issue as #1223, which now has a fix.