CVE-2004-1097

Name of the Vulnerable Software and Affected Versions: Cherokee versions 0.4.17 and earlier

Description: The issue is related to a format string vulnerability in the cherokee logger ncsa write string function when authenticating via auth pam. This vulnerability allows remote attackers to cause a denial of service, resulting in an application crash, or possibly execute arbitrary code via format string specifiers in the URL.

Recommendations: For Cherokee versions 0.4.17 and earlier, consider updating to a version later than 0.4.17 to resolve the issue. As a temporary workaround, restrict access to the auth pam authentication module to minimize the risk of exploitation.