CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Cherokee-Project: >> Cherokee >> 0.11.1 Security Vulnerabilities

CVE-2011-2190

The generate_admin_password function in Cherokee before 1.2.99 uses time and PID values for seeding of a random number generator, which makes it easier for local users to determine admin passwords via a brute-force attack.

CVSS Score

2.1

EPSS Score

0.001

Published

2011-10-07

CVE-2011-2191

Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee before 1.2.99 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, as demonstrated by a crafted nickname field to vserver/apply.

CVSS Score

6.8

EPSS Score

0.005

Published

2011-10-07

Page 1

Vulnerabilities

Vulnerable Software

Cherokee-Project: >> Cherokee >> 0.11.1 Security Vulnerabilities

Products

Pricing

Contact Us