Vulnerability Details CVE-2011-2190
The generate_admin_password function in Cherokee before 1.2.99 uses time and PID values for seeding of a random number generator, which makes it easier for local users to determine admin passwords via a brute-force attack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.5%
CVSS Severity
CVSS v2 Score 2.1
References
- http://code.google.com/p/cherokee/issues/detail?id=1212
- http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066222.html
- http://www.cherokee-project.com/download/LATEST_is_1.2.99/cherokee-1.2.99.tar.gz
- http://www.openwall.com/lists/oss-security/2011/06/03/4
- http://www.openwall.com/lists/oss-security/2011/06/06/21
- http://www.securityfocus.com/bid/49772
- https://bugzilla.redhat.com/show_bug.cgi?id=713304
- http://code.google.com/p/cherokee/issues/detail?id=1212
- http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066222.html
- http://www.cherokee-project.com/download/LATEST_is_1.2.99/cherokee-1.2.99.tar.gz
- http://www.openwall.com/lists/oss-security/2011/06/03/4
- http://www.openwall.com/lists/oss-security/2011/06/06/21
- http://www.securityfocus.com/bid/49772
- https://bugzilla.redhat.com/show_bug.cgi?id=713304
Products affected by CVE-2011-2190
-
cpe:2.3:a:cherokee-project:cherokee:-
-
cpe:2.3:a:cherokee-project:cherokee:0.10.0
-
cpe:2.3:a:cherokee-project:cherokee:0.10.1
-
cpe:2.3:a:cherokee-project:cherokee:0.11.0
-
cpe:2.3:a:cherokee-project:cherokee:0.11.1
-
cpe:2.3:a:cherokee-project:cherokee:0.11.2
-
cpe:2.3:a:cherokee-project:cherokee:0.11.3
-
cpe:2.3:a:cherokee-project:cherokee:0.11.4
-
cpe:2.3:a:cherokee-project:cherokee:0.11.5
-
cpe:2.3:a:cherokee-project:cherokee:0.11.6
-
cpe:2.3:a:cherokee-project:cherokee:0.3.0
-
cpe:2.3:a:cherokee-project:cherokee:0.4.0
-
cpe:2.3:a:cherokee-project:cherokee:0.4.1
-
cpe:2.3:a:cherokee-project:cherokee:0.4.10
-
cpe:2.3:a:cherokee-project:cherokee:0.4.11
-
cpe:2.3:a:cherokee-project:cherokee:0.4.12
-
cpe:2.3:a:cherokee-project:cherokee:0.4.13
-
cpe:2.3:a:cherokee-project:cherokee:0.4.14
-
cpe:2.3:a:cherokee-project:cherokee:0.4.15
-
cpe:2.3:a:cherokee-project:cherokee:0.4.16
-
cpe:2.3:a:cherokee-project:cherokee:0.4.17
-
cpe:2.3:a:cherokee-project:cherokee:0.4.18
-
cpe:2.3:a:cherokee-project:cherokee:0.4.19
-
cpe:2.3:a:cherokee-project:cherokee:0.4.2
-
cpe:2.3:a:cherokee-project:cherokee:0.4.20
-
cpe:2.3:a:cherokee-project:cherokee:0.4.21
-
cpe:2.3:a:cherokee-project:cherokee:0.4.22
-
cpe:2.3:a:cherokee-project:cherokee:0.4.23
-
cpe:2.3:a:cherokee-project:cherokee:0.4.24
-
cpe:2.3:a:cherokee-project:cherokee:0.4.25
-
cpe:2.3:a:cherokee-project:cherokee:0.4.26
-
cpe:2.3:a:cherokee-project:cherokee:0.4.27
-
cpe:2.3:a:cherokee-project:cherokee:0.4.28
-
cpe:2.3:a:cherokee-project:cherokee:0.4.29
-
cpe:2.3:a:cherokee-project:cherokee:0.4.3
-
cpe:2.3:a:cherokee-project:cherokee:0.4.30
-
cpe:2.3:a:cherokee-project:cherokee:0.4.4
-
cpe:2.3:a:cherokee-project:cherokee:0.4.5
-
cpe:2.3:a:cherokee-project:cherokee:0.4.6
-
cpe:2.3:a:cherokee-project:cherokee:0.4.7
-
cpe:2.3:a:cherokee-project:cherokee:0.4.8
-
cpe:2.3:a:cherokee-project:cherokee:0.4.9
-
cpe:2.3:a:cherokee-project:cherokee:0.5.0
-
cpe:2.3:a:cherokee-project:cherokee:0.5.1
-
cpe:2.3:a:cherokee-project:cherokee:0.5.2
-
cpe:2.3:a:cherokee-project:cherokee:0.5.3
-
cpe:2.3:a:cherokee-project:cherokee:0.5.4
-
cpe:2.3:a:cherokee-project:cherokee:0.5.5
-
cpe:2.3:a:cherokee-project:cherokee:0.5.6
-
cpe:2.3:a:cherokee-project:cherokee:0.6.0
-
cpe:2.3:a:cherokee-project:cherokee:0.6.1
-
cpe:2.3:a:cherokee-project:cherokee:0.7.0
-
cpe:2.3:a:cherokee-project:cherokee:0.7.1
-
cpe:2.3:a:cherokee-project:cherokee:0.7.2
-
cpe:2.3:a:cherokee-project:cherokee:0.8.0
-
cpe:2.3:a:cherokee-project:cherokee:0.8.1
-
cpe:2.3:a:cherokee-project:cherokee:0.9.0
-
cpe:2.3:a:cherokee-project:cherokee:0.9.1
-
cpe:2.3:a:cherokee-project:cherokee:0.9.2
-
cpe:2.3:a:cherokee-project:cherokee:0.9.3
-
cpe:2.3:a:cherokee-project:cherokee:0.9.4
-
cpe:2.3:a:cherokee-project:cherokee:0.98.0
-
cpe:2.3:a:cherokee-project:cherokee:0.98.1
-
cpe:2.3:a:cherokee-project:cherokee:0.99.0
-
cpe:2.3:a:cherokee-project:cherokee:0.99.07
-
cpe:2.3:a:cherokee-project:cherokee:0.99.1
-
cpe:2.3:a:cherokee-project:cherokee:0.99.10
-
cpe:2.3:a:cherokee-project:cherokee:0.99.11
-
cpe:2.3:a:cherokee-project:cherokee:0.99.12
-
cpe:2.3:a:cherokee-project:cherokee:0.99.13
-
cpe:2.3:a:cherokee-project:cherokee:0.99.14
-
cpe:2.3:a:cherokee-project:cherokee:0.99.15
-
cpe:2.3:a:cherokee-project:cherokee:0.99.16
-
cpe:2.3:a:cherokee-project:cherokee:0.99.17
-
cpe:2.3:a:cherokee-project:cherokee:0.99.18
-
cpe:2.3:a:cherokee-project:cherokee:0.99.19
-
cpe:2.3:a:cherokee-project:cherokee:0.99.2
-
cpe:2.3:a:cherokee-project:cherokee:0.99.20
-
cpe:2.3:a:cherokee-project:cherokee:0.99.21
-
cpe:2.3:a:cherokee-project:cherokee:0.99.22
-
cpe:2.3:a:cherokee-project:cherokee:0.99.23
-
cpe:2.3:a:cherokee-project:cherokee:0.99.24
-
cpe:2.3:a:cherokee-project:cherokee:0.99.25
-
cpe:2.3:a:cherokee-project:cherokee:0.99.26
-
cpe:2.3:a:cherokee-project:cherokee:0.99.27
-
cpe:2.3:a:cherokee-project:cherokee:0.99.28
-
cpe:2.3:a:cherokee-project:cherokee:0.99.29
-
cpe:2.3:a:cherokee-project:cherokee:0.99.3
-
cpe:2.3:a:cherokee-project:cherokee:0.99.30
-
cpe:2.3:a:cherokee-project:cherokee:0.99.31
-
cpe:2.3:a:cherokee-project:cherokee:0.99.32
-
cpe:2.3:a:cherokee-project:cherokee:0.99.33
-
cpe:2.3:a:cherokee-project:cherokee:0.99.34
-
cpe:2.3:a:cherokee-project:cherokee:0.99.35
-
cpe:2.3:a:cherokee-project:cherokee:0.99.36
-
cpe:2.3:a:cherokee-project:cherokee:0.99.37
-
cpe:2.3:a:cherokee-project:cherokee:0.99.38
-
cpe:2.3:a:cherokee-project:cherokee:0.99.39
-
cpe:2.3:a:cherokee-project:cherokee:0.99.4
-
cpe:2.3:a:cherokee-project:cherokee:0.99.40
-
cpe:2.3:a:cherokee-project:cherokee:0.99.41
-
cpe:2.3:a:cherokee-project:cherokee:0.99.42
-
cpe:2.3:a:cherokee-project:cherokee:0.99.43
-
cpe:2.3:a:cherokee-project:cherokee:0.99.44
-
cpe:2.3:a:cherokee-project:cherokee:0.99.45
-
cpe:2.3:a:cherokee-project:cherokee:0.99.46
-
cpe:2.3:a:cherokee-project:cherokee:0.99.47
-
cpe:2.3:a:cherokee-project:cherokee:0.99.48
-
cpe:2.3:a:cherokee-project:cherokee:0.99.49
-
cpe:2.3:a:cherokee-project:cherokee:0.99.5
-
cpe:2.3:a:cherokee-project:cherokee:0.99.6
-
cpe:2.3:a:cherokee-project:cherokee:0.99.8
-
cpe:2.3:a:cherokee-project:cherokee:0.99.9
-
cpe:2.3:a:cherokee-project:cherokee:1.0.0
-
cpe:2.3:a:cherokee-project:cherokee:1.0.1
-
cpe:2.3:a:cherokee-project:cherokee:1.0.10
-
cpe:2.3:a:cherokee-project:cherokee:1.0.11
-
cpe:2.3:a:cherokee-project:cherokee:1.0.12
-
cpe:2.3:a:cherokee-project:cherokee:1.0.13
-
cpe:2.3:a:cherokee-project:cherokee:1.0.14
-
cpe:2.3:a:cherokee-project:cherokee:1.0.15
-
cpe:2.3:a:cherokee-project:cherokee:1.0.16
-
cpe:2.3:a:cherokee-project:cherokee:1.0.17
-
cpe:2.3:a:cherokee-project:cherokee:1.0.18
-
cpe:2.3:a:cherokee-project:cherokee:1.0.19
-
cpe:2.3:a:cherokee-project:cherokee:1.0.2
-
cpe:2.3:a:cherokee-project:cherokee:1.0.20
-
cpe:2.3:a:cherokee-project:cherokee:1.0.21
-
cpe:2.3:a:cherokee-project:cherokee:1.0.3
-
cpe:2.3:a:cherokee-project:cherokee:1.0.4
-
cpe:2.3:a:cherokee-project:cherokee:1.0.5
-
cpe:2.3:a:cherokee-project:cherokee:1.0.6
-
cpe:2.3:a:cherokee-project:cherokee:1.0.7
-
cpe:2.3:a:cherokee-project:cherokee:1.0.8
-
cpe:2.3:a:cherokee-project:cherokee:1.0.9
-
cpe:2.3:a:cherokee-project:cherokee:1.2.0
-
cpe:2.3:a:cherokee-project:cherokee:1.2.1
-
cpe:2.3:a:cherokee-project:cherokee:1.2.2
-
cpe:2.3:a:cherokee-project:cherokee:1.2.98