Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 2.1
CVE Id: CVE-2011-2190
Last Modified: 14 May 2012 12:00:00
Published: 06 Oct 2011 10:51:40
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2011-2190

Summary

The generate_admin_password function in Cherokee before 1.2.99 uses time and PID values for seeding of a random number generator, which makes it easier for local users to determine admin passwords via a brute-force attack.

Vulnerable Systems

Application

  • Cherokee-project Cherokee 0.10.0

  • Cherokee-project Cherokee 0.10.1

  • Cherokee-project Cherokee 0.11.0

  • Cherokee-project Cherokee 0.11.1

  • Cherokee-project Cherokee 0.11.2

  • Cherokee-project Cherokee 0.11.3

  • Cherokee-project Cherokee 0.11.4

  • Cherokee-project Cherokee 0.11.5

  • Cherokee-project Cherokee 0.11.6

  • Cherokee-project Cherokee 0.3.0

  • Cherokee-project Cherokee 0.4.0

  • Cherokee-project Cherokee 0.4.1

  • Cherokee-project Cherokee 0.4.10

  • Cherokee-project Cherokee 0.4.11

  • Cherokee-project Cherokee 0.4.12

  • Cherokee-project Cherokee 0.4.13

  • Cherokee-project Cherokee 0.4.14

  • Cherokee-project Cherokee 0.4.15

  • Cherokee-project Cherokee 0.4.16

  • Cherokee-project Cherokee 0.4.17

  • Cherokee-project Cherokee 0.4.18

  • Cherokee-project Cherokee 0.4.19

  • Cherokee-project Cherokee 0.4.2

  • Cherokee-project Cherokee 0.4.20

  • Cherokee-project Cherokee 0.4.21

  • Cherokee-project Cherokee 0.4.22

  • Cherokee-project Cherokee 0.4.23

  • Cherokee-project Cherokee 0.4.24

  • Cherokee-project Cherokee 0.4.25

  • Cherokee-project Cherokee 0.4.26

  • Cherokee-project Cherokee 0.4.27

  • Cherokee-project Cherokee 0.4.28

  • Cherokee-project Cherokee 0.4.29

  • Cherokee-project Cherokee 0.4.3

  • Cherokee-project Cherokee 0.4.30

  • Cherokee-project Cherokee 0.4.4

  • Cherokee-project Cherokee 0.4.5

  • Cherokee-project Cherokee 0.4.6

  • Cherokee-project Cherokee 0.4.7

  • Cherokee-project Cherokee 0.4.8

  • Cherokee-project Cherokee 0.4.9

  • Cherokee-project Cherokee 0.5.0

  • Cherokee-project Cherokee 0.5.1

  • Cherokee-project Cherokee 0.5.2

  • Cherokee-project Cherokee 0.5.3

  • Cherokee-project Cherokee 0.5.4

  • Cherokee-project Cherokee 0.5.5

  • Cherokee-project Cherokee 0.5.6

  • Cherokee-project Cherokee 0.6.0

  • Cherokee-project Cherokee 0.6.1

  • Cherokee-project Cherokee 0.7.0

  • Cherokee-project Cherokee 0.7.1

  • Cherokee-project Cherokee 0.7.2

  • Cherokee-project Cherokee 0.8.0

  • Cherokee-project Cherokee 0.8.1

  • Cherokee-project Cherokee 0.9.0

  • Cherokee-project Cherokee 0.9.1

  • Cherokee-project Cherokee 0.9.2

  • Cherokee-project Cherokee 0.9.3

  • Cherokee-project Cherokee 0.9.4

  • Cherokee-project Cherokee 0.98.0

  • Cherokee-project Cherokee 0.98.1

  • Cherokee-project Cherokee 0.99.0

  • Cherokee-project Cherokee 0.99.07

  • Cherokee-project Cherokee 0.99.1

  • Cherokee-project Cherokee 0.99.10

  • Cherokee-project Cherokee 0.99.11

  • Cherokee-project Cherokee 0.99.12

  • Cherokee-project Cherokee 0.99.13

  • Cherokee-project Cherokee 0.99.14

  • Cherokee-project Cherokee 0.99.15

  • Cherokee-project Cherokee 0.99.16

  • Cherokee-project Cherokee 0.99.17

  • Cherokee-project Cherokee 0.99.18

  • Cherokee-project Cherokee 0.99.19

  • Cherokee-project Cherokee 0.99.2

  • Cherokee-project Cherokee 0.99.20

  • Cherokee-project Cherokee 0.99.21

  • Cherokee-project Cherokee 0.99.22

  • Cherokee-project Cherokee 0.99.23

  • Cherokee-project Cherokee 0.99.24

  • Cherokee-project Cherokee 0.99.25

  • Cherokee-project Cherokee 0.99.26

  • Cherokee-project Cherokee 0.99.27

  • Cherokee-project Cherokee 0.99.28

  • Cherokee-project Cherokee 0.99.29

  • Cherokee-project Cherokee 0.99.3

  • Cherokee-project Cherokee 0.99.30

  • Cherokee-project Cherokee 0.99.31

  • Cherokee-project Cherokee 0.99.32

  • Cherokee-project Cherokee 0.99.33

  • Cherokee-project Cherokee 0.99.34

  • Cherokee-project Cherokee 0.99.35

  • Cherokee-project Cherokee 0.99.36

  • Cherokee-project Cherokee 0.99.37

  • Cherokee-project Cherokee 0.99.38

  • Cherokee-project Cherokee 0.99.39

  • Cherokee-project Cherokee 0.99.4

  • Cherokee-project Cherokee 0.99.40

  • Cherokee-project Cherokee 0.99.41

  • Cherokee-project Cherokee 0.99.42

  • Cherokee-project Cherokee 0.99.43

  • Cherokee-project Cherokee 0.99.44

  • Cherokee-project Cherokee 0.99.45

  • Cherokee-project Cherokee 0.99.46

  • Cherokee-project Cherokee 0.99.47

  • Cherokee-project Cherokee 0.99.48

  • Cherokee-project Cherokee 0.99.49

  • Cherokee-project Cherokee 0.99.5

  • Cherokee-project Cherokee 0.99.6

  • Cherokee-project Cherokee 0.99.8

  • Cherokee-project Cherokee 0.99.9

  • Cherokee-project Cherokee 1.0.0

  • Cherokee-project Cherokee 1.0.1

  • Cherokee-project Cherokee 1.0.10

  • Cherokee-project Cherokee 1.0.11

  • Cherokee-project Cherokee 1.0.12

  • Cherokee-project Cherokee 1.0.13

  • Cherokee-project Cherokee 1.0.14

  • Cherokee-project Cherokee 1.0.15

  • Cherokee-project Cherokee 1.0.16

  • Cherokee-project Cherokee 1.0.17

  • Cherokee-project Cherokee 1.0.18

  • Cherokee-project Cherokee 1.0.19

  • Cherokee-project Cherokee 1.0.2

  • Cherokee-project Cherokee 1.0.20

  • Cherokee-project Cherokee 1.0.3

  • Cherokee-project Cherokee 1.0.4

  • Cherokee-project Cherokee 1.0.5

  • Cherokee-project Cherokee 1.0.6

  • Cherokee-project Cherokee 1.0.7

  • Cherokee-project Cherokee 1.0.8

  • Cherokee-project Cherokee 1.0.9

  • Cherokee-project Cherokee 1.2.0

  • Cherokee-project Cherokee 1.2.1

  • Cherokee-project Cherokee 1.2.2

  • Cherokee-project Cherokee 1.2.98


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=713304

MLIST - [oss-security] 20110606 Re: CVE Request -- Cherokee -- server admin vulnerable to csrf

MLIST - [oss-security] 20110603 Re: CVE Request -- Cherokee -- server admin vulnerable to csrf

CONFIRM - http://www.cherokee-project.com/download/LATEST_is_1.2.99/cherokee-1.2.99.tar.gz

CONFIRM - http://code.google.com/p/cherokee/issues/detail?id=1212

BID - 49772

FEDORA - FEDORA-2011-12698


Last Updated: 27 May 2016 10:56:57