The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and previous versions, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote malicious users to bypass authentication via an empty password.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
fedoraproject fedora 21 |
||
fedoraproject fedora 20 |
||
fedoraproject fedora 22 |
||
mageia project mageia 4 |
||
cherokee-project cherokee 1.2.98 |
||
cherokee-project cherokee 1.2.2 |
||
cherokee-project cherokee 1.2.101 |
||
cherokee-project cherokee 1.2.99 |
||
cherokee-project cherokee |
||
cherokee-project cherokee 1.2.102 |
Vulmon