CVE-2011-2191

Exploit

EPSS 0.59%
Veröffentlicht 07.10.2011 02:51:40
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee before 1.2.99 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, as demonstrated by a crafted nickname field to vserver/apply.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 13

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cherokee-project ≫ Cherokee Version <= 1.2.98

Cherokee-project ≫ Cherokee Version0.3.0

Cherokee-project ≫ Cherokee Version0.4.0

Cherokee-project ≫ Cherokee Version0.4.1

Cherokee-project ≫ Cherokee Version0.4.2

Cherokee-project ≫ Cherokee Version0.4.3

Cherokee-project ≫ Cherokee Version0.4.4

Cherokee-project ≫ Cherokee Version0.4.5

Cherokee-project ≫ Cherokee Version0.4.6

Cherokee-project ≫ Cherokee Version0.4.7

Cherokee-project ≫ Cherokee Version0.4.8

Cherokee-project ≫ Cherokee Version0.4.9

Cherokee-project ≫ Cherokee Version0.4.10

Cherokee-project ≫ Cherokee Version0.4.11

Cherokee-project ≫ Cherokee Version0.4.12

Cherokee-project ≫ Cherokee Version0.4.13

Cherokee-project ≫ Cherokee Version0.4.14

Cherokee-project ≫ Cherokee Version0.4.15

Cherokee-project ≫ Cherokee Version0.4.16

Cherokee-project ≫ Cherokee Version0.4.17

Cherokee-project ≫ Cherokee Version0.4.18

Cherokee-project ≫ Cherokee Version0.4.19

Cherokee-project ≫ Cherokee Version0.4.20

Cherokee-project ≫ Cherokee Version0.4.21

Cherokee-project ≫ Cherokee Version0.4.22

Cherokee-project ≫ Cherokee Version0.4.23

Cherokee-project ≫ Cherokee Version0.4.24

Cherokee-project ≫ Cherokee Version0.4.25

Cherokee-project ≫ Cherokee Version0.4.26

Cherokee-project ≫ Cherokee Version0.4.27

Cherokee-project ≫ Cherokee Version0.4.28

Cherokee-project ≫ Cherokee Version0.4.29

Cherokee-project ≫ Cherokee Version0.4.30

Cherokee-project ≫ Cherokee Version0.5.0

Cherokee-project ≫ Cherokee Version0.5.1

Cherokee-project ≫ Cherokee Version0.5.2

Cherokee-project ≫ Cherokee Version0.5.3

Cherokee-project ≫ Cherokee Version0.5.4

Cherokee-project ≫ Cherokee Version0.5.5

Cherokee-project ≫ Cherokee Version0.5.6

Cherokee-project ≫ Cherokee Version0.6.0

Cherokee-project ≫ Cherokee Version0.6.1

Cherokee-project ≫ Cherokee Version0.7.0

Cherokee-project ≫ Cherokee Version0.7.1

Cherokee-project ≫ Cherokee Version0.7.2

Cherokee-project ≫ Cherokee Version0.8.0

Cherokee-project ≫ Cherokee Version0.8.1

Cherokee-project ≫ Cherokee Version0.9.0

Cherokee-project ≫ Cherokee Version0.9.1

Cherokee-project ≫ Cherokee Version0.9.2

Cherokee-project ≫ Cherokee Version0.9.3

Cherokee-project ≫ Cherokee Version0.9.4

Cherokee-project ≫ Cherokee Version0.10.0

Cherokee-project ≫ Cherokee Version0.10.1

Cherokee-project ≫ Cherokee Version0.11.0

Cherokee-project ≫ Cherokee Version0.11.1

Cherokee-project ≫ Cherokee Version0.11.2

Cherokee-project ≫ Cherokee Version0.11.3

Cherokee-project ≫ Cherokee Version0.11.4

Cherokee-project ≫ Cherokee Version0.11.5

Cherokee-project ≫ Cherokee Version0.11.6

Cherokee-project ≫ Cherokee Version0.98.0

Cherokee-project ≫ Cherokee Version0.98.1

Cherokee-project ≫ Cherokee Version0.99.0

Cherokee-project ≫ Cherokee Version0.99.1

Cherokee-project ≫ Cherokee Version0.99.2

Cherokee-project ≫ Cherokee Version0.99.3

Cherokee-project ≫ Cherokee Version0.99.4

Cherokee-project ≫ Cherokee Version0.99.5

Cherokee-project ≫ Cherokee Version0.99.6

Cherokee-project ≫ Cherokee Version0.99.07

Cherokee-project ≫ Cherokee Version0.99.8

Cherokee-project ≫ Cherokee Version0.99.9

Cherokee-project ≫ Cherokee Version0.99.10

Cherokee-project ≫ Cherokee Version0.99.11

Cherokee-project ≫ Cherokee Version0.99.12

Cherokee-project ≫ Cherokee Version0.99.13

Cherokee-project ≫ Cherokee Version0.99.14

Cherokee-project ≫ Cherokee Version0.99.15

Cherokee-project ≫ Cherokee Version0.99.16

Cherokee-project ≫ Cherokee Version0.99.17

Cherokee-project ≫ Cherokee Version0.99.18

Cherokee-project ≫ Cherokee Version0.99.19

Cherokee-project ≫ Cherokee Version0.99.20

Cherokee-project ≫ Cherokee Version0.99.21

Cherokee-project ≫ Cherokee Version0.99.22

Cherokee-project ≫ Cherokee Version0.99.23

Cherokee-project ≫ Cherokee Version0.99.24

Cherokee-project ≫ Cherokee Version0.99.25

Cherokee-project ≫ Cherokee Version0.99.26

Cherokee-project ≫ Cherokee Version0.99.27

Cherokee-project ≫ Cherokee Version0.99.28

Cherokee-project ≫ Cherokee Version0.99.29

Cherokee-project ≫ Cherokee Version0.99.30

Cherokee-project ≫ Cherokee Version0.99.31

Cherokee-project ≫ Cherokee Version0.99.32

Cherokee-project ≫ Cherokee Version0.99.33

Cherokee-project ≫ Cherokee Version0.99.34

Cherokee-project ≫ Cherokee Version0.99.35

Cherokee-project ≫ Cherokee Version0.99.36

Cherokee-project ≫ Cherokee Version0.99.37

Cherokee-project ≫ Cherokee Version0.99.38

Cherokee-project ≫ Cherokee Version0.99.39

Cherokee-project ≫ Cherokee Version0.99.40

Cherokee-project ≫ Cherokee Version0.99.41

Cherokee-project ≫ Cherokee Version0.99.42

Cherokee-project ≫ Cherokee Version0.99.43

Cherokee-project ≫ Cherokee Version0.99.44

Cherokee-project ≫ Cherokee Version0.99.45

Cherokee-project ≫ Cherokee Version0.99.46

Cherokee-project ≫ Cherokee Version0.99.47

Cherokee-project ≫ Cherokee Version0.99.48

Cherokee-project ≫ Cherokee Version0.99.49

Cherokee-project ≫ Cherokee Version1.0.0

Cherokee-project ≫ Cherokee Version1.0.1

Cherokee-project ≫ Cherokee Version1.0.2

Cherokee-project ≫ Cherokee Version1.0.3

Cherokee-project ≫ Cherokee Version1.0.4

Cherokee-project ≫ Cherokee Version1.0.5

Cherokee-project ≫ Cherokee Version1.0.6

Cherokee-project ≫ Cherokee Version1.0.7

Cherokee-project ≫ Cherokee Version1.0.8

Cherokee-project ≫ Cherokee Version1.0.9

Cherokee-project ≫ Cherokee Version1.0.10

Cherokee-project ≫ Cherokee Version1.0.11

Cherokee-project ≫ Cherokee Version1.0.12

Cherokee-project ≫ Cherokee Version1.0.13

Cherokee-project ≫ Cherokee Version1.0.14

Cherokee-project ≫ Cherokee Version1.0.15

Cherokee-project ≫ Cherokee Version1.0.16

Cherokee-project ≫ Cherokee Version1.0.17

Cherokee-project ≫ Cherokee Version1.0.18

Cherokee-project ≫ Cherokee Version1.0.19

Cherokee-project ≫ Cherokee Version1.0.20

Cherokee-project ≫ Cherokee Version1.2.0

Cherokee-project ≫ Cherokee Version1.2.1

Cherokee-project ≫ Cherokee Version1.2.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.59%	0.684

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066222.html

http://www.cherokee-project.com/download/LATEST_is_1.2.99/cherokee-1.2.99.tar.gz

Patch

http://www.securityfocus.com/bid/49772

https://bugzilla.redhat.com/show_bug.cgi?id=713304

Patch

Exploit

http://osvdb.org/72693

http://seclists.org/fulldisclosure/2011/Jun/0

http://www.openwall.com/lists/oss-security/2011/06/02/2

http://www.openwall.com/lists/oss-security/2011/06/03/6

Exploit