Secunia

Some vulnerabilities have been discovered in Cherokee, which can be exploited by malicious people to disclose sensitive information or cause a DoS (Denial of Service).

1) An input sanitation error within the handling of HTTP requests can be exploited to display arbitrary files outside the web root directory via traversal attacks of the form "/\../\../\".

2) An error exists within the handling of HTTP requests containing MS-DOS devices names (e.g. "AUX"), which can be exploited to crash the service.

3) An error when handling HTTP requests can be exploited to disclose the source code of files registered as scripts by appending "%20" to the URI or by requesting the 8.3 alias (short file name) of a script.

Note: The vulnerabilities may only affect systems running Windows.

The vulnerabilities are confirmed in version 0.5.4 on Windows XP. Other versions may also be affected.

Solution
Filter malicious characters and character sequences using a proxy.

Provided and/or discovered by
1) Dr_IDE
2) Usman Saeed
3) Dan Crowley, Core Security Technologies

Changelog
Further details available in Customer Area

Original Advisory
1) http://pocoftheday.blogspot.com/2009/10/cherokee-web-server-054-directory.html
2) http://packetstormsecurity.org/0910-exploits/cherokee054-dos.txt
3) http://www.coresecurity.com/content/filename-pseudonyms-vulnerabilities

Deep Links
Links available in Customer Area