CVE-2011-2191

Cherokee < 1.2.99 - Cross-Site Request Forgery in Cherokee-admin

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee before 1.2.99 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, as demonstrated by a crafted nickname field to vserver/apply.

References (10)

Core 10
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/49772
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2011/Jun/0
Exploit mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/06/06/22
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066222.html
Exploit x_refsource_confirm
https://launchpad.net/bugs/784632
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/06/02/2
Exploit, Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=713304
Exploit mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/06/03/6
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/72693

Scores

EPSS 0.0140
EPSS Percentile 69.2%

Details

CWE
CWE-352
Status published
Products (50)
cherokee-project/cherokee 0.3.0
cherokee-project/cherokee 0.4.0
cherokee-project/cherokee 0.4.1
cherokee-project/cherokee 0.4.2
cherokee-project/cherokee 0.4.3
cherokee-project/cherokee 0.4.4
cherokee-project/cherokee 0.4.5
cherokee-project/cherokee 0.4.6
cherokee-project/cherokee 0.4.7
cherokee-project/cherokee 0.4.8
... and 40 more
Published Oct 07, 2011
Tracked Since Feb 18, 2026