2.1 CVE-2011-2190

Patch

La funzione generate_admin_password in Cherokee prima della 1.2.99 utilizza i valori di tempo e PID per il seeding di un generatore di numeri casuali, il che rende più facile per gli utenti locali determinare le password degli amministratori tramite un attacco di forza bruta.
https://nvd.nist.gov/vuln/detail/CVE-2011-2190

Categorie

CWE-310

Riferimenti

BID

49772

CONFIRM Patch

http://code.google.com/p/cherokee/issues/detail?id=1212 Patch
http://www.cherokee-project.com/download/LATEST_is_1.2.99/cherokee-1.2.99.tar.gz Patch
https://bugzilla.redhat.com/show_bug.cgi?id=713304 Patch

FEDORA

FEDORA-2011-12698

_MLIST Patch

[oss-security] 20110603 Re: CVE Request -- Cherokee -- server admin vulnerable to csrf Patch
[oss-security] 20110606 Re: CVE Request -- Cherokee -- server admin vulnerable to csrf Patch

CPE

cpe	avviare	fine
Configuration 1
cpe:2.3:a:cherokee-project:cherokee:0.3.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.2:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.3:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.4:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.5:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.6:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.7:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.8:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.9:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.10:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.11:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.12:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.13:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.14:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.15:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.16:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.17:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.18:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.19:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.20:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.21:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.22:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.23:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.24:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.25:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.26:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.27:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.28:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.29:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.30:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.5.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.5.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.5.2:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.5.3:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.5.4:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.5.5:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.5.6:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.6.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.6.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.7.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.7.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.7.2:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.8.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.8.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.9.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.9.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.9.2:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.9.3:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.9.4:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.10.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.10.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.11.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.11.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.11.2:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.11.3:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.11.4:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.11.5:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.11.6:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.98.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.98.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.2:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.3:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.4:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.5:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.6:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.07:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.8:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.9:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.10:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.11:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.12:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.13:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.14:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.15:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.16:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.17:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.18:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.19:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.20:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.21:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.22:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.23:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.24:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.25:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.26:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.27:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.28:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.29:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.30:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.31:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.32:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.33:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.34:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.35:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.36:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.37:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.38:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.39:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.40:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.41:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.42:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.43:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.44:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.45:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.46:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.47:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.48:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.49:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.2:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.3:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.4:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.5:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.6:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.7:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.8:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.9:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.10:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.11:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.12:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.13:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.14:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.15:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.16:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.17:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.18:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.19:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.20:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.2.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.2.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.2.2:::::::*
cpe:2.3:a:cherokee-project:cherokee::::::::		<= 1.2.98

RIMEDIO

Patch

Url
http://code.google.com/p/cherokee/issues/detail?id=1212
http://www.cherokee-project.com/download/LATEST_is_1.2.99/cherokee-1.2.99.tar.gz
https://bugzilla.redhat.com/show_bug.cgi?id=713304
[oss-security] 20110603 Re: CVE Request -- Cherokee -- server admin vulnerable to csrf
[oss-security] 20110606 Re: CVE Request -- Cherokee -- server admin vulnerable to csrf

EXPLOITS

Exploit-db.com

id	descrizione	data
Nessuna impresa nota

Altro (github, ...)

Url
Nessuna impresa nota

CAPEC

Common Attack Pattern Enumerations and Classifications

id	descrizione	gravità
Nessuna voce

MITRE

Sherlock® flash

Fotografate la vostra rete di computer in pochi clic !

La soluzione di audit Sherlock® flash consente di eseguire un audit per rafforzare la sicurezza delle risorse IT. Scansione delle vulnerabilità delle apparecchiature fisiche e virtuali. Pianificazione delle patch in base al livello di priorità e al tempo disponibile. Reporting dettagliato e intuitivo.

Scopri questa offerta

Sherlock® flash: la prima soluzione di audit istantaneo della cybersecurity

cpe	avviare	fine
Configuration 1
cpe:2.3:a:cherokee-project:cherokee:0.3.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.2:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.3:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.4:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.5:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.6:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.7:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.8:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.9:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.10:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.11:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.12:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.13:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.14:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.15:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.16:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.17:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.18:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.19:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.20:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.21:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.22:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.23:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.24:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.25:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.26:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.27:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.28:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.29:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.4.30:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.5.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.5.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.5.2:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.5.3:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.5.4:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.5.5:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.5.6:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.6.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.6.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.7.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.7.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.7.2:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.8.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.8.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.9.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.9.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.9.2:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.9.3:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.9.4:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.10.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.10.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.11.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.11.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.11.2:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.11.3:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.11.4:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.11.5:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.11.6:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.98.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.98.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.2:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.3:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.4:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.5:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.6:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.07:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.8:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.9:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.10:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.11:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.12:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.13:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.14:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.15:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.16:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.17:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.18:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.19:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.20:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.21:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.22:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.23:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.24:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.25:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.26:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.27:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.28:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.29:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.30:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.31:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.32:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.33:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.34:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.35:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.36:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.37:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.38:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.39:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.40:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.41:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.42:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.43:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.44:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.45:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.46:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.47:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.48:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.49:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.2:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.3:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.4:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.5:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.6:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.7:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.8:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.9:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.10:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.11:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.12:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.13:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.14:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.15:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.16:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.17:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.18:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.19:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.20:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.2.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.2.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.2.2:::::::*
cpe:2.3:a:cherokee-project:cherokee::::::::		<= 1.2.98