2.1 CVE-2011-2190

Patch
 

La funzione generate_admin_password in Cherokee prima della 1.2.99 utilizza i valori di tempo e PID per il seeding di un generatore di numeri casuali, il che rende più facile per gli utenti locali determinare le password degli amministratori tramite un attacco di forza bruta.
https://nvd.nist.gov/vuln/detail/CVE-2011-2190

Categorie

CWE-310

Riferimenti


 

CPE

cpe avviare fine
Configuration 1
cpe:2.3:a:cherokee-project:cherokee:0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.4.0:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.4.1:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.4.2:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.4.3:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.4.4:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.4.5:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.4.6:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.4.7:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.4.8:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.4.9:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.4.10:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.4.11:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.4.12:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.4.13:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.4.14:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.4.15:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.4.16:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.4.17:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.4.18:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.4.19:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.4.20:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.4.21:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.4.22:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.4.23:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.4.24:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.4.25:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.4.26:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.4.27:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.4.28:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.4.29:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.4.30:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.5.1:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.5.2:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.5.3:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.5.4:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.5.5:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.5.6:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.6.0:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.7.0:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.7.2:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.8.0:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.8.1:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.9.0:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.9.4:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.10.0:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.10.1:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.11.0:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.11.1:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.11.2:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.11.3:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.11.4:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.11.5:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.11.6:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.98.0:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.98.1:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.0:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.1:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.2:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.3:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.4:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.5:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.6:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.07:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.8:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.9:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.10:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.11:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.12:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.13:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.14:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.15:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.16:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.17:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.18:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.19:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.20:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.21:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.22:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.23:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.24:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.25:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.26:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.27:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.28:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.29:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.30:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.31:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.32:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.33:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.34:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.35:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.36:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.37:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.38:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.39:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.40:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.41:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.42:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.43:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.44:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.45:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.46:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.47:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.48:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:0.99.49:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.0.10:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.0.11:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.0.12:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.0.13:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.0.14:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.0.15:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.0.16:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.0.17:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.0.18:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.0.19:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.0.20:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:cherokee-project:cherokee:*:*:*:*:*:*:*:* <= 1.2.98

Patch

Url
http://code.google.com/p/cherokee/issues/detail?id=1212
http://www.cherokee-project.com/download/LATEST_is_1.2.99/cherokee-1.2.99.tar.gz
https://bugzilla.redhat.com/show_bug.cgi?id=713304
[oss-security] 20110603 Re: CVE Request -- Cherokee -- server admin vulnerable to csrf
[oss-security] 20110606 Re: CVE Request -- Cherokee -- server admin vulnerable to csrf

Exploits

Exploit-db.com
id descrizione data
Nessuna impresa nota
Altro (github, ...)/h5>
Url
Nessuna impresa nota

CAPEC

id descrizione gravità
Nessuna voce

Sherlock® flash

Fotografate la vostra rete di computer in pochi clic !

La soluzione di audit Sherlock® flash consente di eseguire un audit per rafforzare la sicurezza delle risorse IT. Scansione delle vulnerabilità delle apparecchiature fisiche e virtuali. Pianificazione delle patch in base al livello di priorità e al tempo disponibile. Reporting dettagliato e intuitivo.

Scopri questa offerta

Sherlock® flash: la prima soluzione di audit istantaneo della cybersecurity