CVE-2011-2191 - OpenCVE

Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee before 1.2.99 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, as demonstrated by a crafted nickname field to vserver/apply.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Cherokee-project	Cherokee

Configuration 1 [-]

OR	cpe:2.3:a:cherokee-project:cherokee::::::::
	cpe:2.3:a:cherokee-project:cherokee:0.3.0:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.4.0:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.4.1:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.4.2:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.4.3:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.4.4:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.4.5:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.4.6:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.4.7:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.4.8:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.4.9:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.4.10:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.4.11:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.4.12:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.4.13:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.4.14:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.4.15:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.4.16:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.4.17:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.4.18:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.4.19:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.4.20:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.4.21:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.4.22:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.4.23:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.4.24:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.4.25:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.4.26:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.4.27:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.4.28:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.4.29:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.4.30:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.5.0:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.5.1:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.5.2:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.5.3:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.5.4:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.5.5:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.5.6:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.6.0:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.6.1:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.7.0:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.7.1:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.7.2:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.8.0:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.8.1:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.9.0:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.9.1:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.9.2:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.9.3:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.9.4:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.10.0:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.10.1:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.11.0:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.11.1:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.11.2:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.11.3:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.11.4:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.11.5:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.11.6:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.98.0:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.98.1:::::::*
	cpe:2.3:a:cherokee-project:cherokee:0.99.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.2:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.3:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.4:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.5:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.6:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.07:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.8:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.9:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.10:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.11:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.12:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.13:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.14:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.15:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.16:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.17:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.18:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.19:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.20:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.21:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.22:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.23:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.24:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.25:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.26:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.27:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.28:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.29:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.30:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.31:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.32:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.33:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.34:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.35:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.36:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.37:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.38:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.39:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.40:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.41:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.42:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.43:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.44:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.45:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.46:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.47:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.48:::::::*
cpe:2.3:a:cherokee-project:cherokee:0.99.49:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.2:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.3:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.4:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.5:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.6:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.7:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.8:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.9:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.10:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.11:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.12:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.13:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.14:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.15:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.16:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.17:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.18:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.19:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.0.20:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.2.0:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.2.1:::::::*
cpe:2.3:a:cherokee-project:cherokee:1.2.2:::::::*

References

Link	Resource
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066222.html
http://osvdb.org/72693
http://seclists.org/fulldisclosure/2011/Jun/0
http://www.cherokee-project.com/download/LATEST_is_1.2.99/cherokee-1.2.99.tar.gz	Patch
http://www.openwall.com/lists/oss-security/2011/06/02/2
http://www.openwall.com/lists/oss-security/2011/06/03/6	Exploit
http://www.openwall.com/lists/oss-security/2011/06/06/22	Exploit
http://www.securityfocus.com/bid/49772
https://bugzilla.redhat.com/show_bug.cgi?id=713304	Exploit Patch
https://launchpad.net/bugs/784632	Exploit