cherokee-project cherokee 1.2.99 vulnerabilities and exploits
CVE-2014-4668 (CVSSv2 score: 6.8)
The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and previous versions, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote malicious users to bypass authentication via an empty password.
Fedoraproject Fedora 22
Fedoraproject Fedora 20
Fedoraproject Fedora 21
Mageia Project Mageia 4
Cherokee-project Cherokee 1.2.99
Cherokee-project Cherokee 1.2.2
Cherokee-project Cherokee
Cherokee-project Cherokee 1.2.101
Cherokee-project Cherokee 1.2.98
Cherokee-project Cherokee 1.2.102
CVE-2011-2190 (CVSSv2 score: 2.1)
The generate_admin_password function in Cherokee prior to 1.2.99 uses time and PID values for seeding of a random number generator, which makes it easier for local users to determine admin passwords via a brute-force attack.
Cherokee-project Cherokee 0.4.2
Cherokee-project Cherokee 0.7.0
Cherokee-project Cherokee 0.4.20
Cherokee-project Cherokee 0.99.34
Cherokee-project Cherokee 0.99.16
Cherokee-project Cherokee 0.99.40
Cherokee-project Cherokee 1.0.10
Cherokee-project Cherokee 1.0.3
Cherokee-project Cherokee 0.99.44
Cherokee-project Cherokee 0.99.33
Cherokee-project Cherokee 0.99.10
Cherokee-project Cherokee 0.5.3
Cherokee-project Cherokee 0.4.11
Cherokee-project Cherokee 1.0.14
Cherokee-project Cherokee 1.0.6
Cherokee-project Cherokee 0.4.14
Cherokee-project Cherokee 0.6.0
Cherokee-project Cherokee 0.99.48
Cherokee-project Cherokee 0.11.5
Cherokee-project Cherokee 0.4.13
Cherokee-project Cherokee 0.9.0
Cherokee-project Cherokee 0.99.26
CVE-2011-2191 (CVSSv2 score: 6.8)
Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee prior to 1.2.99 allows remote malicious users to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, as demonstrated by a crafted nickname field to...
Cherokee-project Cherokee 0.4.2
Cherokee-project Cherokee 0.7.0
Cherokee-project Cherokee 0.4.20
Cherokee-project Cherokee 0.99.34
Cherokee-project Cherokee 0.99.16
Cherokee-project Cherokee 0.99.40
Cherokee-project Cherokee 1.0.10
Cherokee-project Cherokee 1.0.3
Cherokee-project Cherokee 0.99.44
Cherokee-project Cherokee 0.99.33
Cherokee-project Cherokee 0.99.10
Cherokee-project Cherokee 0.5.3
Cherokee-project Cherokee 0.4.11
Cherokee-project Cherokee 1.0.14
Cherokee-project Cherokee 1.0.6
Cherokee-project Cherokee 0.4.14
Cherokee-project Cherokee 0.6.0
Cherokee-project Cherokee 0.99.48
Cherokee-project Cherokee 0.11.5
Cherokee-project Cherokee 0.4.13
Cherokee-project Cherokee 0.9.0
Cherokee-project Cherokee 0.99.26