6.8
CVE-2014-4668
- EPSS 0.6%
- Veröffentlicht 02.07.2014 04:14:17
- Zuletzt bearbeitet 12.04.2025 10:46:40
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fedoraproject ≫ Fedora Version20
Fedoraproject ≫ Fedora Version21
Fedoraproject ≫ Fedora Version22
Mageia Project ≫ Mageia Version4
Cherokee-project ≫ Cherokee Version <= 1.2.103
Cherokee-project ≫ Cherokee Version1.2.2
Cherokee-project ≫ Cherokee Version1.2.98
Cherokee-project ≫ Cherokee Version1.2.99
Cherokee-project ≫ Cherokee Version1.2.101
Cherokee-project ≫ Cherokee Version1.2.102
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.6% | 0.688 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.