2.1 CVE-2011-2190

Patch

La función generate_admin_password en Cherokee antes de 1.2.99 usa valores de tiempo y PID para la siembra de un generador de números aleatorios, lo que facilita a los usuarios locales determinar las contraseñas de administrador mediante un ataque de fuerza bruta.
https://nvd.nist.gov/vuln/detail/CVE-2011-2190

Categorías

CWE-310

Referencias

BID

49772

CONFIRM Patch

http://code.google.com/p/cherokee/issues/detail?id=1212 Patch
http://www.cherokee-project.com/download/LATEST_is_1.2.99/cherokee-1.2.99.tar.gz Patch
https://bugzilla.redhat.com/show_bug.cgi?id=713304 Patch

FEDORA

FEDORA-2011-12698

_MLIST Patch

[oss-security] 20110603 Re: CVE Request -- Cherokee -- server admin vulnerable to csrf Patch
[oss-security] 20110606 Re: CVE Request -- Cherokee -- server admin vulnerable to csrf Patch

CPE

cpe	iniciar	fin
Configuration 1
cpe:2.3:a:cherokee-project:cherokee:0.3.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.2:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.3:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.4:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.5:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.6:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.7:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.8:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.9:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.10:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.11:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.12:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.13:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.14:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.15:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.16:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.17:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.18:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.19:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.20:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.21:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.22:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.23:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.24:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.25:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.26:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.27:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.28:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.29:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.30:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.5.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.5.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.5.2:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.5.3:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.5.4:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.5.5:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.5.6:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.6.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.6.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.7.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.7.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.7.2:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.8.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.8.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.9.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.9.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.9.2:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.9.3:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.9.4:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.10.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.10.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.11.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.11.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.11.2:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.11.3:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.11.4:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.11.5:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.11.6:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.98.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.98.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.2:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.3:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.4:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.5:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.6:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.07:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.8:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.9:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.10:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.11:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.12:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.13:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.14:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.15:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.16:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.17:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.18:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.19:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.20:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.21:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.22:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.23:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.24:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.25:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.26:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.27:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.28:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.29:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.30:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.31:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.32:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.33:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.34:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.35:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.36:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.37:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.38:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.39:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.40:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.41:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.42:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.43:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.44:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.45:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.46:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.47:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.48:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.49:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.2:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.3:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.4:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.5:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.6:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.7:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.8:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.9:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.10:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.11:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.12:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.13:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.14:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.15:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.16:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.17:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.18:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.19:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.20:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.2.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.2.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.2.2:::::::*
cpe:2.3:a:cherokee-project:cherokee::::::::		<= 1.2.98

REMEDIACIÓN

Patch

Url
http://code.google.com/p/cherokee/issues/detail?id=1212
http://www.cherokee-project.com/download/LATEST_is_1.2.99/cherokee-1.2.99.tar.gz
https://bugzilla.redhat.com/show_bug.cgi?id=713304
[oss-security] 20110603 Re: CVE Request -- Cherokee -- server admin vulnerable to csrf
[oss-security] 20110606 Re: CVE Request -- Cherokee -- server admin vulnerable to csrf

EXPLOTA

Exploit-db.com

id	descripción	fecha
No hay exploits conocidos

Otros (github, ...)

Url
No hay exploits conocidos

CAPEC

Common Attack Pattern Enumerations and Classifications

id	descripción	gravedad
No hay entrada

MITRE

Sherlock® flash

Haz una foto de tu red informática en unos pocos clics !

La solución de auditoría Sherlock® flash le permite realizar una auditoría para reforzar la seguridad de sus activos informáticos. Escaneo de vulnerabilidad de sus equipos físicos y virtuales. Planificación de parches por nivel de prioridad y tiempo disponible. Informes detallados e intuitivos.

Descubra esta oferta

Sherlock® flash: primera solución de auditoría de ciberseguridad instantánea

cpe	iniciar	fin
Configuration 1
cpe:2.3:a:cherokee-project:cherokee:0.3.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.2:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.3:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.4:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.5:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.6:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.7:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.8:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.9:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.10:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.11:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.12:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.13:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.14:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.15:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.16:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.17:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.18:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.19:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.20:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.21:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.22:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.23:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.24:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.25:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.26:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.27:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.28:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.29:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.30:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.5.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.5.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.5.2:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.5.3:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.5.4:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.5.5:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.5.6:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.6.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.6.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.7.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.7.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.7.2:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.8.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.8.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.9.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.9.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.9.2:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.9.3:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.9.4:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.10.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.10.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.11.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.11.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.11.2:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.11.3:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.11.4:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.11.5:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.11.6:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.98.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.98.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.2:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.3:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.4:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.5:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.6:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.07:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.8:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.9:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.10:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.11:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.12:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.13:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.14:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.15:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.16:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.17:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.18:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.19:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.20:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.21:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.22:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.23:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.24:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.25:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.26:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.27:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.28:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.29:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.30:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.31:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.32:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.33:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.34:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.35:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.36:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.37:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.38:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.39:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.40:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.41:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.42:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.43:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.44:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.45:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.46:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.47:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.48:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.49:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.2:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.3:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.4:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.5:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.6:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.7:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.8:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.9:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.10:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.11:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.12:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.13:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.14:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.15:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.16:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.17:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.18:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.19:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.20:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.2.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.2.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.2.2:::::::*
cpe:2.3:a:cherokee-project:cherokee::::::::		<= 1.2.98