Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 6.8
CVE Id: CVE-2011-2191
Last Modified: 23 Nov 2011 10:58:34
Published: 06 Oct 2011 10:51:40
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2011-2191

Summary

Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee before 1.2.99 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, as demonstrated by a crafted nickname field to vserver/apply.

Vulnerable Systems

Application

  • Cherokee-project Cherokee 0.10.0

  • Cherokee-project Cherokee 0.10.1

  • Cherokee-project Cherokee 0.11.0

  • Cherokee-project Cherokee 0.11.1

  • Cherokee-project Cherokee 0.11.2

  • Cherokee-project Cherokee 0.11.3

  • Cherokee-project Cherokee 0.11.4

  • Cherokee-project Cherokee 0.11.5

  • Cherokee-project Cherokee 0.11.6

  • Cherokee-project Cherokee 0.3.0

  • Cherokee-project Cherokee 0.4.0

  • Cherokee-project Cherokee 0.4.1

  • Cherokee-project Cherokee 0.4.10

  • Cherokee-project Cherokee 0.4.11

  • Cherokee-project Cherokee 0.4.12

  • Cherokee-project Cherokee 0.4.13

  • Cherokee-project Cherokee 0.4.14

  • Cherokee-project Cherokee 0.4.15

  • Cherokee-project Cherokee 0.4.16

  • Cherokee-project Cherokee 0.4.17

  • Cherokee-project Cherokee 0.4.18

  • Cherokee-project Cherokee 0.4.19

  • Cherokee-project Cherokee 0.4.2

  • Cherokee-project Cherokee 0.4.20

  • Cherokee-project Cherokee 0.4.21

  • Cherokee-project Cherokee 0.4.22

  • Cherokee-project Cherokee 0.4.23

  • Cherokee-project Cherokee 0.4.24

  • Cherokee-project Cherokee 0.4.25

  • Cherokee-project Cherokee 0.4.26

  • Cherokee-project Cherokee 0.4.27

  • Cherokee-project Cherokee 0.4.28

  • Cherokee-project Cherokee 0.4.29

  • Cherokee-project Cherokee 0.4.3

  • Cherokee-project Cherokee 0.4.30

  • Cherokee-project Cherokee 0.4.4

  • Cherokee-project Cherokee 0.4.5

  • Cherokee-project Cherokee 0.4.6

  • Cherokee-project Cherokee 0.4.7

  • Cherokee-project Cherokee 0.4.8

  • Cherokee-project Cherokee 0.4.9

  • Cherokee-project Cherokee 0.5.0

  • Cherokee-project Cherokee 0.5.1

  • Cherokee-project Cherokee 0.5.2

  • Cherokee-project Cherokee 0.5.3

  • Cherokee-project Cherokee 0.5.4

  • Cherokee-project Cherokee 0.5.5

  • Cherokee-project Cherokee 0.5.6

  • Cherokee-project Cherokee 0.6.0

  • Cherokee-project Cherokee 0.6.1

  • Cherokee-project Cherokee 0.7.0

  • Cherokee-project Cherokee 0.7.1

  • Cherokee-project Cherokee 0.7.2

  • Cherokee-project Cherokee 0.8.0

  • Cherokee-project Cherokee 0.8.1

  • Cherokee-project Cherokee 0.9.0

  • Cherokee-project Cherokee 0.9.1

  • Cherokee-project Cherokee 0.9.2

  • Cherokee-project Cherokee 0.9.3

  • Cherokee-project Cherokee 0.9.4

  • Cherokee-project Cherokee 0.98.0

  • Cherokee-project Cherokee 0.98.1

  • Cherokee-project Cherokee 0.99.0

  • Cherokee-project Cherokee 0.99.07

  • Cherokee-project Cherokee 0.99.1

  • Cherokee-project Cherokee 0.99.10

  • Cherokee-project Cherokee 0.99.11

  • Cherokee-project Cherokee 0.99.12

  • Cherokee-project Cherokee 0.99.13

  • Cherokee-project Cherokee 0.99.14

  • Cherokee-project Cherokee 0.99.15

  • Cherokee-project Cherokee 0.99.16

  • Cherokee-project Cherokee 0.99.17

  • Cherokee-project Cherokee 0.99.18

  • Cherokee-project Cherokee 0.99.19

  • Cherokee-project Cherokee 0.99.2

  • Cherokee-project Cherokee 0.99.20

  • Cherokee-project Cherokee 0.99.21

  • Cherokee-project Cherokee 0.99.22

  • Cherokee-project Cherokee 0.99.23

  • Cherokee-project Cherokee 0.99.24

  • Cherokee-project Cherokee 0.99.25

  • Cherokee-project Cherokee 0.99.26

  • Cherokee-project Cherokee 0.99.27

  • Cherokee-project Cherokee 0.99.28

  • Cherokee-project Cherokee 0.99.29

  • Cherokee-project Cherokee 0.99.3

  • Cherokee-project Cherokee 0.99.30

  • Cherokee-project Cherokee 0.99.31

  • Cherokee-project Cherokee 0.99.32

  • Cherokee-project Cherokee 0.99.33

  • Cherokee-project Cherokee 0.99.34

  • Cherokee-project Cherokee 0.99.35

  • Cherokee-project Cherokee 0.99.36

  • Cherokee-project Cherokee 0.99.37

  • Cherokee-project Cherokee 0.99.38

  • Cherokee-project Cherokee 0.99.39

  • Cherokee-project Cherokee 0.99.4

  • Cherokee-project Cherokee 0.99.40

  • Cherokee-project Cherokee 0.99.41

  • Cherokee-project Cherokee 0.99.42

  • Cherokee-project Cherokee 0.99.43

  • Cherokee-project Cherokee 0.99.44

  • Cherokee-project Cherokee 0.99.45

  • Cherokee-project Cherokee 0.99.46

  • Cherokee-project Cherokee 0.99.47

  • Cherokee-project Cherokee 0.99.48

  • Cherokee-project Cherokee 0.99.49

  • Cherokee-project Cherokee 0.99.5

  • Cherokee-project Cherokee 0.99.6

  • Cherokee-project Cherokee 0.99.8

  • Cherokee-project Cherokee 0.99.9

  • Cherokee-project Cherokee 1.0.0

  • Cherokee-project Cherokee 1.0.1

  • Cherokee-project Cherokee 1.0.10

  • Cherokee-project Cherokee 1.0.11

  • Cherokee-project Cherokee 1.0.12

  • Cherokee-project Cherokee 1.0.13

  • Cherokee-project Cherokee 1.0.14

  • Cherokee-project Cherokee 1.0.15

  • Cherokee-project Cherokee 1.0.16

  • Cherokee-project Cherokee 1.0.17

  • Cherokee-project Cherokee 1.0.18

  • Cherokee-project Cherokee 1.0.19

  • Cherokee-project Cherokee 1.0.2

  • Cherokee-project Cherokee 1.0.20

  • Cherokee-project Cherokee 1.0.3

  • Cherokee-project Cherokee 1.0.4

  • Cherokee-project Cherokee 1.0.5

  • Cherokee-project Cherokee 1.0.6

  • Cherokee-project Cherokee 1.0.7

  • Cherokee-project Cherokee 1.0.8

  • Cherokee-project Cherokee 1.0.9

  • Cherokee-project Cherokee 1.2.0

  • Cherokee-project Cherokee 1.2.1

  • Cherokee-project Cherokee 1.2.2

  • Cherokee-project Cherokee 1.2.98


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=713304

CONFIRM - http://www.cherokee-project.com/download/LATEST_is_1.2.99/cherokee-1.2.99.tar.gz

CONFIRM - https://launchpad.net/bugs/784632

BID - 49772

MLIST - [oss-security] 20110606 Re: Security issue in cherokee

MLIST - [oss-security] 20110603 Security issue in cherokee

MLIST - [oss-security] 20110602 CVE Request -- Cherokee -- server admin vulnerable to csrf

FULLDISC - 20110601 cherokee server admin vulnerable to csrf

OSVDB - 72693

FEDORA - FEDORA-2011-12698


Last Updated: 27 May 2016 10:56:57