CVE-2019-20799

7.5 HIGH

📋 TL;DR

CVE-2019-20799 is a memory corruption vulnerability in Cherokee web server that allows remote attackers to cause denial of service or potentially execute arbitrary code. It affects Cherokee web server versions through 1.2.104. Organizations running vulnerable Cherokee instances are at risk.

💻 Affected Systems

Products:
  • Cherokee web server
Versions: All versions through 1.2.104
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: All Cherokee installations up to version 1.2.104 are vulnerable regardless of configuration

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete server compromise and potential lateral movement within the network

🟠 Likely Case

Denial of service causing server crashes and service disruption

🟢 If Mitigated

Limited impact with proper network segmentation and monitoring in place

🌐 Internet-Facing: HIGH - Remote attackers can exploit without authentication
🏢 Internal Only: MEDIUM - Requires internal network access but still exploitable

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Multiple proof-of-concept examples exist in GitHub issues and security research blogs

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.2.105 and later

Vendor Advisory: https://github.com/cherokee/webserver/issues/1221

Restart Required: Yes

Instructions:

1. Download Cherokee 1.2.105 or later from the official repository.
2. Stop the Cherokee service.
3. Install the updated version.
4. Restart the Cherokee service.

🔧 Temporary Workarounds

Network segmentation and firewall rules

Linux (iptables): restrict access to the Cherokee web server to trusted networks only, replacing trusted_network with the allowed source address or CIDR range:

iptables -A INPUT -p tcp --dport 80 -s trusted_network -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -s trusted_network -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure
  • Deploy web application firewall (WAF) with memory corruption protection rules

🔍 How to Verify

Check if Vulnerable:

Check the Cherokee version with 'cherokee -v' or 'cherokee-admin -v'.

Check Version:

cherokee -v || cherokee-admin -v

Verify Fix Applied:

Verify that the installed version is 1.2.105 or later and monitor for crash logs.
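The version check above, carried through as a script that extracts the version from the banner and compares it with the fixed release. This is an added example, not part of the advisory or of the Cherokee project; it assumes that cherokee -v or cherokee-admin -v prints a line containing a dotted version such as 1.2.104 (the exact banner wording is not documented here), and the sample banner it runs on is constructed.

```shell
#!/bin/sh
# Added example (not from the advisory or the Cherokee project): decide whether a
# Cherokee build is affected by CVE-2019-20799 by comparing its version with the
# fixed release 1.2.105. Assumption: `cherokee -v` / `cherokee-admin -v` print a
# banner containing a dotted version such as "1.2.104".

FIXED_VERSION="1.2.105"

# Print the first X.Y.Z token found in a banner string (empty if none).
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Return 0 when dotted version $1 sorts before dotted version $2, else 1.
# Pure POSIX sh: compares numeric components left to right; a missing
# component counts as 0, so "1.2" < "1.2.105" and "1.3" > "1.2.105".
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ah=${a%%.*}; bh=${b%%.*}
        ah=${ah:-0}; bh=${bh:-0}
        [ "$ah" -lt "$bh" ] && return 0
        [ "$ah" -gt "$bh" ] && return 1
        case "$a" in *.*) a=${a#*.} ;; *) a="" ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b="" ;; esac
    done
    return 1
}

# Classify a banner: prints VULNERABLE, OK or UNKNOWN. Always exits 0 so it is
# safe to call from a script running under `set -e`.
check_banner() {
    ver=$(extract_version "$1")
    if [ -z "$ver" ]; then
        echo "UNKNOWN: no Cherokee version found in banner"
    elif version_lt "$ver" "$FIXED_VERSION"; then
        echo "VULNERABLE: Cherokee $ver is older than $FIXED_VERSION"
    else
        echo "OK: Cherokee $ver includes the fix"
    fi
}

# Query the locally installed binary, whichever of the two is present.
check_local() {
    banner=$( (cherokee -v 2>/dev/null || cherokee-admin -v 2>/dev/null) | head -n 1)
    check_banner "$banner"
}

# Demonstration on a constructed banner (not real cherokee output); pass
# --local to query the binary on this host instead.
if [ "${1:-}" = "--local" ]; then
    check_local
else
    check_banner "Cherokee Web Server 1.2.104 (constructed sample banner)"
fi
```

The comparison is done component by component rather than with a plain string test, so 1.2.10 is correctly reported as older than 1.2.105 and a later minor such as 1.3 as fixed; an UNKNOWN result (no version in the banner) should be treated as unverified rather than as safe.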

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault errors in Cherokee logs
  • Unexpected process termination
  • Memory allocation failures

Network Indicators:

  • Unusual HTTP requests causing server crashes
  • Repeated connection attempts to Cherokee ports

SIEM Query:

source="cherokee.log" AND ("segmentation fault" OR "SIGSEGV" OR "memory corruption")
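A host-local equivalent of the SIEM query, run over sample log lines, as an added example that is not part of the advisory. Cherokee's real error-log layout is not shown on this page, so the bracketed timestamp format and every log line below are constructed; the script counts the same three indicators the query looks for and buckets them by hour, since a burst of crash indicators in one hour is what distinguishes repeated crash-inducing requests from a one-off fault.

```shell
#!/bin/sh
# Added example (not from the advisory): local grep/awk equivalent of the SIEM
# query, run over constructed sample log lines. The timestamp layout
# "[YYYY-MM-DD HH:MM:SS]" is an assumption, not Cherokee's documented format.

CRASH_PATTERN='segmentation fault|SIGSEGV|memory corruption'

# Write a constructed sample log (NOT real Cherokee output) to the given path.
write_sample_log() {
    cat > "$1" <<'EOF'
[2024-01-15 10:00:01] (info) Cherokee 1.2.104 started
[2024-01-15 10:05:12] (error) worker 4321 exited: Segmentation fault
[2024-01-15 10:05:13] (info) respawning worker
[2024-01-15 10:06:40] (error) worker 4350 received SIGSEGV
[2024-01-15 10:07:02] (error) memory corruption detected in request buffer
[2024-01-15 11:30:00] (info) periodic status: 12 connections
[2024-01-15 11:45:19] (error) worker 4402 exited: Segmentation fault
EOF
}

# Number of crash-indicator lines in a log (case-insensitive, like the query).
count_crash_indicators() {
    grep -Eic "$CRASH_PATTERN" "$1" || true   # grep -c exits 1 when the count is 0
}

# Crash indicators bucketed by hour, one "YYYY-MM-DD HH<TAB>count" line each,
# most frequent hour first.
crash_indicators_per_hour() {
    grep -Ei "$CRASH_PATTERN" "$1" |
        awk '{ hour = substr($0, 2, 13); n[hour]++ }
             END { for (h in n) printf "%s\t%d\n", h, n[h] }' |
        sort -t "$(printf '\t')" -k2,2nr -k1,1
}

# Return 0 (alert) when any single hour holds at least $2 crash indicators.
burst_alert() {
    top=$(crash_indicators_per_hour "$1" | head -n 1 | cut -f2)
    [ "${top:-0}" -ge "$2" ]
}

# Demonstration on the constructed sample.
LOG="${TMPDIR:-/tmp}/cherokee-sample.log"
write_sample_log "$LOG"
echo "crash indicators: $(count_crash_indicators "$LOG")"
crash_indicators_per_hour "$LOG"
if burst_alert "$LOG" 3; then echo "ALERT: crash burst within one hour"; fi
```

On the sample the script reports four indicators, three of them in the 10:00 hour, so the burst threshold of three fires; point the functions at the real error log and adjust the substr offsets if the timestamp layout differs.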
