Cherokee@1.2.2 Security Vulnerabilities and Issues — Cherokee@1.2.2 CVE List

Lucene search

Cherokee-projectCherokee1.2.2

3 matches found

CVE•added 2014/07/02 4:14 a.m.•70 views

CVE-2014-4668

The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password.

6.8CVSS6.7AI score0.00703EPSS

CVE•added 2011/10/07 2:51 a.m.•42 views

CVE-2011-2190

The generate_admin_password function in Cherokee before 1.2.99 uses time and PID values for seeding of a random number generator, which makes it easier for local users to determine admin passwords via a brute-force attack.

2.1CVSS6AI score0.00071EPSS

CVE•added 2011/10/07 2:51 a.m.•35 views

CVE-2011-2191

Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee before 1.2.99 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, as demonstrated by a crafted nickname field to vserver/apply.

6.8CVSS6AI score0.00512EPSS