Vulnerability Details CVE-2011-2191
Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee before 1.2.99 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, as demonstrated by a crafted nickname field to vserver/apply.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.3%
CVSS Severity
CVSS v2 Score 6.8
References
- http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066222.html
- http://osvdb.org/72693
- http://seclists.org/fulldisclosure/2011/Jun/0
- http://www.cherokee-project.com/download/LATEST_is_1.2.99/cherokee-1.2.99.tar.gz
- http://www.openwall.com/lists/oss-security/2011/06/02/2
- http://www.openwall.com/lists/oss-security/2011/06/03/6
- http://www.openwall.com/lists/oss-security/2011/06/06/22
- http://www.securityfocus.com/bid/49772
- https://bugzilla.redhat.com/show_bug.cgi?id=713304
- https://launchpad.net/bugs/784632
- http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066222.html
- http://osvdb.org/72693
- http://seclists.org/fulldisclosure/2011/Jun/0
- http://www.cherokee-project.com/download/LATEST_is_1.2.99/cherokee-1.2.99.tar.gz
- http://www.openwall.com/lists/oss-security/2011/06/02/2
- http://www.openwall.com/lists/oss-security/2011/06/03/6
- http://www.openwall.com/lists/oss-security/2011/06/06/22
- http://www.securityfocus.com/bid/49772
- https://bugzilla.redhat.com/show_bug.cgi?id=713304
- https://launchpad.net/bugs/784632
Products affected by CVE-2011-2191
-
cpe:2.3:a:cherokee-project:cherokee:-
-
cpe:2.3:a:cherokee-project:cherokee:0.10.0
-
cpe:2.3:a:cherokee-project:cherokee:0.10.1
-
cpe:2.3:a:cherokee-project:cherokee:0.11.0
-
cpe:2.3:a:cherokee-project:cherokee:0.11.1
-
cpe:2.3:a:cherokee-project:cherokee:0.11.2
-
cpe:2.3:a:cherokee-project:cherokee:0.11.3
-
cpe:2.3:a:cherokee-project:cherokee:0.11.4
-
cpe:2.3:a:cherokee-project:cherokee:0.11.5
-
cpe:2.3:a:cherokee-project:cherokee:0.11.6
-
cpe:2.3:a:cherokee-project:cherokee:0.3.0
-
cpe:2.3:a:cherokee-project:cherokee:0.4.0
-
cpe:2.3:a:cherokee-project:cherokee:0.4.1
-
cpe:2.3:a:cherokee-project:cherokee:0.4.10
-
cpe:2.3:a:cherokee-project:cherokee:0.4.11
-
cpe:2.3:a:cherokee-project:cherokee:0.4.12
-
cpe:2.3:a:cherokee-project:cherokee:0.4.13
-
cpe:2.3:a:cherokee-project:cherokee:0.4.14
-
cpe:2.3:a:cherokee-project:cherokee:0.4.15
-
cpe:2.3:a:cherokee-project:cherokee:0.4.16
-
cpe:2.3:a:cherokee-project:cherokee:0.4.17
-
cpe:2.3:a:cherokee-project:cherokee:0.4.18
-
cpe:2.3:a:cherokee-project:cherokee:0.4.19
-
cpe:2.3:a:cherokee-project:cherokee:0.4.2
-
cpe:2.3:a:cherokee-project:cherokee:0.4.20
-
cpe:2.3:a:cherokee-project:cherokee:0.4.21
-
cpe:2.3:a:cherokee-project:cherokee:0.4.22
-
cpe:2.3:a:cherokee-project:cherokee:0.4.23
-
cpe:2.3:a:cherokee-project:cherokee:0.4.24
-
cpe:2.3:a:cherokee-project:cherokee:0.4.25
-
cpe:2.3:a:cherokee-project:cherokee:0.4.26
-
cpe:2.3:a:cherokee-project:cherokee:0.4.27
-
cpe:2.3:a:cherokee-project:cherokee:0.4.28
-
cpe:2.3:a:cherokee-project:cherokee:0.4.29
-
cpe:2.3:a:cherokee-project:cherokee:0.4.3
-
cpe:2.3:a:cherokee-project:cherokee:0.4.30
-
cpe:2.3:a:cherokee-project:cherokee:0.4.4
-
cpe:2.3:a:cherokee-project:cherokee:0.4.5
-
cpe:2.3:a:cherokee-project:cherokee:0.4.6
-
cpe:2.3:a:cherokee-project:cherokee:0.4.7
-
cpe:2.3:a:cherokee-project:cherokee:0.4.8
-
cpe:2.3:a:cherokee-project:cherokee:0.4.9
-
cpe:2.3:a:cherokee-project:cherokee:0.5.0
-
cpe:2.3:a:cherokee-project:cherokee:0.5.1
-
cpe:2.3:a:cherokee-project:cherokee:0.5.2
-
cpe:2.3:a:cherokee-project:cherokee:0.5.3
-
cpe:2.3:a:cherokee-project:cherokee:0.5.4
-
cpe:2.3:a:cherokee-project:cherokee:0.5.5
-
cpe:2.3:a:cherokee-project:cherokee:0.5.6
-
cpe:2.3:a:cherokee-project:cherokee:0.6.0
-
cpe:2.3:a:cherokee-project:cherokee:0.6.1
-
cpe:2.3:a:cherokee-project:cherokee:0.7.0
-
cpe:2.3:a:cherokee-project:cherokee:0.7.1
-
cpe:2.3:a:cherokee-project:cherokee:0.7.2
-
cpe:2.3:a:cherokee-project:cherokee:0.8.0
-
cpe:2.3:a:cherokee-project:cherokee:0.8.1
-
cpe:2.3:a:cherokee-project:cherokee:0.9.0
-
cpe:2.3:a:cherokee-project:cherokee:0.9.1
-
cpe:2.3:a:cherokee-project:cherokee:0.9.2
-
cpe:2.3:a:cherokee-project:cherokee:0.9.3
-
cpe:2.3:a:cherokee-project:cherokee:0.9.4
-
cpe:2.3:a:cherokee-project:cherokee:0.98.0
-
cpe:2.3:a:cherokee-project:cherokee:0.98.1
-
cpe:2.3:a:cherokee-project:cherokee:0.99.0
-
cpe:2.3:a:cherokee-project:cherokee:0.99.07
-
cpe:2.3:a:cherokee-project:cherokee:0.99.1
-
cpe:2.3:a:cherokee-project:cherokee:0.99.10
-
cpe:2.3:a:cherokee-project:cherokee:0.99.11
-
cpe:2.3:a:cherokee-project:cherokee:0.99.12
-
cpe:2.3:a:cherokee-project:cherokee:0.99.13
-
cpe:2.3:a:cherokee-project:cherokee:0.99.14
-
cpe:2.3:a:cherokee-project:cherokee:0.99.15
-
cpe:2.3:a:cherokee-project:cherokee:0.99.16
-
cpe:2.3:a:cherokee-project:cherokee:0.99.17
-
cpe:2.3:a:cherokee-project:cherokee:0.99.18
-
cpe:2.3:a:cherokee-project:cherokee:0.99.19
-
cpe:2.3:a:cherokee-project:cherokee:0.99.2
-
cpe:2.3:a:cherokee-project:cherokee:0.99.20
-
cpe:2.3:a:cherokee-project:cherokee:0.99.21
-
cpe:2.3:a:cherokee-project:cherokee:0.99.22
-
cpe:2.3:a:cherokee-project:cherokee:0.99.23
-
cpe:2.3:a:cherokee-project:cherokee:0.99.24
-
cpe:2.3:a:cherokee-project:cherokee:0.99.25
-
cpe:2.3:a:cherokee-project:cherokee:0.99.26
-
cpe:2.3:a:cherokee-project:cherokee:0.99.27
-
cpe:2.3:a:cherokee-project:cherokee:0.99.28
-
cpe:2.3:a:cherokee-project:cherokee:0.99.29
-
cpe:2.3:a:cherokee-project:cherokee:0.99.3
-
cpe:2.3:a:cherokee-project:cherokee:0.99.30
-
cpe:2.3:a:cherokee-project:cherokee:0.99.31
-
cpe:2.3:a:cherokee-project:cherokee:0.99.32
-
cpe:2.3:a:cherokee-project:cherokee:0.99.33
-
cpe:2.3:a:cherokee-project:cherokee:0.99.34
-
cpe:2.3:a:cherokee-project:cherokee:0.99.35
-
cpe:2.3:a:cherokee-project:cherokee:0.99.36
-
cpe:2.3:a:cherokee-project:cherokee:0.99.37
-
cpe:2.3:a:cherokee-project:cherokee:0.99.38
-
cpe:2.3:a:cherokee-project:cherokee:0.99.39
-
cpe:2.3:a:cherokee-project:cherokee:0.99.4
-
cpe:2.3:a:cherokee-project:cherokee:0.99.40
-
cpe:2.3:a:cherokee-project:cherokee:0.99.41
-
cpe:2.3:a:cherokee-project:cherokee:0.99.42
-
cpe:2.3:a:cherokee-project:cherokee:0.99.43
-
cpe:2.3:a:cherokee-project:cherokee:0.99.44
-
cpe:2.3:a:cherokee-project:cherokee:0.99.45
-
cpe:2.3:a:cherokee-project:cherokee:0.99.46
-
cpe:2.3:a:cherokee-project:cherokee:0.99.47
-
cpe:2.3:a:cherokee-project:cherokee:0.99.48
-
cpe:2.3:a:cherokee-project:cherokee:0.99.49
-
cpe:2.3:a:cherokee-project:cherokee:0.99.5
-
cpe:2.3:a:cherokee-project:cherokee:0.99.6
-
cpe:2.3:a:cherokee-project:cherokee:0.99.8
-
cpe:2.3:a:cherokee-project:cherokee:0.99.9
-
cpe:2.3:a:cherokee-project:cherokee:1.0.0
-
cpe:2.3:a:cherokee-project:cherokee:1.0.1
-
cpe:2.3:a:cherokee-project:cherokee:1.0.10
-
cpe:2.3:a:cherokee-project:cherokee:1.0.11
-
cpe:2.3:a:cherokee-project:cherokee:1.0.12
-
cpe:2.3:a:cherokee-project:cherokee:1.0.13
-
cpe:2.3:a:cherokee-project:cherokee:1.0.14
-
cpe:2.3:a:cherokee-project:cherokee:1.0.15
-
cpe:2.3:a:cherokee-project:cherokee:1.0.16
-
cpe:2.3:a:cherokee-project:cherokee:1.0.17
-
cpe:2.3:a:cherokee-project:cherokee:1.0.18
-
cpe:2.3:a:cherokee-project:cherokee:1.0.19
-
cpe:2.3:a:cherokee-project:cherokee:1.0.2
-
cpe:2.3:a:cherokee-project:cherokee:1.0.20
-
cpe:2.3:a:cherokee-project:cherokee:1.0.21
-
cpe:2.3:a:cherokee-project:cherokee:1.0.3
-
cpe:2.3:a:cherokee-project:cherokee:1.0.4
-
cpe:2.3:a:cherokee-project:cherokee:1.0.5
-
cpe:2.3:a:cherokee-project:cherokee:1.0.6
-
cpe:2.3:a:cherokee-project:cherokee:1.0.7
-
cpe:2.3:a:cherokee-project:cherokee:1.0.8
-
cpe:2.3:a:cherokee-project:cherokee:1.0.9
-
cpe:2.3:a:cherokee-project:cherokee:1.2.0
-
cpe:2.3:a:cherokee-project:cherokee:1.2.1
-
cpe:2.3:a:cherokee-project:cherokee:1.2.2
-
cpe:2.3:a:cherokee-project:cherokee:1.2.98