CVE-2014-4668

Cherokee <1.2.103 - Auth Bypass

Title source: llm

Description

The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password.

References (9)

Scores

EPSS 0.0060
EPSS Percentile 69.3%

Classification

CWE
CWE-287
Status draft

Affected Products (10)

fedoraproject/fedora
fedoraproject/fedora
fedoraproject/fedora
mageia_project/mageia
cherokee-project/cherokee < 1.2.103
cherokee-project/cherokee
cherokee-project/cherokee
cherokee-project/cherokee
cherokee-project/cherokee
cherokee-project/cherokee

Timeline

Published Jul 02, 2014
Tracked Since Feb 18, 2026