Vulnerability Name: CVE-2011-2191 (CCN-67836)

Assigned:2011-06-01
Published:2011-06-01
Updated:2011-11-24
Summary:Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee before 1.2.99 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, as demonstrated by a crafted nickname field to vserver/apply.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
6.2 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:W/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:W/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type:CWE-352
Vulnerability Consequences:Gain Access
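The summary describes two defects that chain: the admin interface accepts a state-changing POST to vserver/apply on the strength of the session cookie alone, so any page the logged-in administrator visits can submit that form for them, and the nickname it submits is later rendered without encoding, so the forged value becomes stored XSS inside the admin UI. The following is an added illustration, not cherokee-admin's own code: a minimal model of such an "apply" handler, first in the form the advisory describes and then with the checks that close the CSRF hole (a same-origin check on Origin/Referer plus a per-session synchroniser token) and with the nickname HTML-encoded on output. Python is used because cherokee-admin is written in Python; the Request and Server classes, the handler names and the 127.0.0.1:9090 origin are assumptions for the example, and the forged request is constructed inline to stand in for what an attacker's auto-submitting form would produce.

```python
# Added example, not cherokee-admin's code. Models the CSRF + stored-XSS chain
# from CVE-2011-2191 and one way to fix it. Request/Server/ADMIN_ORIGIN and the
# handler names are assumptions for illustration.
import hmac
import html
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

ADMIN_ORIGIN = "http://127.0.0.1:9090"  # assumed admin listener origin


@dataclass
class Request:
    method: str
    path: str
    headers: dict
    cookies: dict
    form: dict


@dataclass
class Server:
    sessions: dict = field(default_factory=dict)  # session id -> {"csrf": token}
    vservers: dict = field(default_factory=dict)  # vserver id -> nickname

    def login(self):
        sid = secrets.token_hex(16)
        self.sessions[sid] = {"csrf": secrets.token_hex(16)}
        return sid


def apply_vulnerable(srv, req):
    """Trusts the session cookie alone: a form on any site the admin visits
    is submitted with that cookie attached, so the write goes through."""
    if req.method != "POST" or req.path != "/vserver/apply":
        return 404
    if req.cookies.get("sid") not in srv.sessions:
        return 401
    srv.vservers[req.form["vserver"]] = req.form["nickname"]  # stored verbatim
    return 200


def _origin_of(url):
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}" if p.scheme and p.netloc else ""


def apply_hardened(srv, req):
    """Session cookie + same-origin check + per-session synchroniser token.
    Fails closed: no Origin and no Referer means the request is refused."""
    if req.method != "POST" or req.path != "/vserver/apply":
        return 404
    sess = srv.sessions.get(req.cookies.get("sid"))
    if sess is None:
        return 401
    # Modern browsers send Origin on cross-origin POSTs; fall back to Referer.
    origin = req.headers.get("Origin") or _origin_of(req.headers.get("Referer", ""))
    if origin != ADMIN_ORIGIN:
        return 403
    # The token lives only in the admin's own pages, so a foreign form cannot know it.
    if not hmac.compare_digest(req.form.get("csrf", ""), sess["csrf"]):
        return 403
    srv.vservers[req.form["vserver"]] = req.form["nickname"]
    return 200


def render_nickname(nick):
    """Encode before placing the stored value in HTML so a payload stays inert."""
    return html.escape(nick, quote=True)


def forged_request(sid):
    """Constructed stand-in for an attacker page auto-submitting a form: the
    browser attaches the admin's cookie and an Origin of the attacker's site."""
    return Request("POST", "/vserver/apply",
                   headers={"Origin": "http://attacker.example"},
                   cookies={"sid": sid},
                   form={"vserver": "1", "nickname": "<script>alert(1)</script>"})


def legitimate_request(srv, sid):
    return Request("POST", "/vserver/apply",
                   headers={"Origin": ADMIN_ORIGIN},
                   cookies={"sid": sid},
                   form={"vserver": "1", "nickname": "intranet",
                         "csrf": srv.sessions[sid]["csrf"]})


def demo():
    vuln, hard = Server(), Server()
    sid_v, sid_h = vuln.login(), hard.login()
    return {
        "vulnerable_forged": apply_vulnerable(vuln, forged_request(sid_v)),
        "vulnerable_stored": vuln.vservers.get("1"),
        "hardened_forged": apply_hardened(hard, forged_request(sid_h)),
        "hardened_legit": apply_hardened(hard, legitimate_request(hard, sid_h)),
        "hardened_stored": hard.vservers.get("1"),
    }


if __name__ == "__main__":
    print(demo())
```

The origin check alone would have stopped the forged POST, but it depends on the browser sending Origin or Referer; the synchroniser token is what holds up when those headers are stripped or absent, which is why the hardened handler requires both. Output encoding is a separate control: it does not stop the forged write, but it keeps a nickname that did get stored from executing in the administrator's browser.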
References:Source: CCN
Type: Full-Disclosure Mailing List, Wed Jun 01 2011
cherokee server admin vulnerable to csrf

Source: MITRE
Type: CNA
CVE-2011-2191

Source: FEDORA
Type: UNKNOWN
FEDORA-2011-12698

Source: OSVDB
Type: UNKNOWN
72693

Source: FULLDISC
Type: UNKNOWN
20110601 cherokee server admin vulnerable to csrf

Source: CCN
Type: SA44821
Cherokee Admin Cross-Site Request Forgery Vulnerability

Source: CCN
Type: Cherokee Web Site
Cherokee Web Server

Source: CONFIRM
Type: Patch
http://www.cherokee-project.com/download/LATEST_is_1.2.99/cherokee-1.2.99.tar.gz

Source: MLIST
Type: UNKNOWN
[oss-security] 20110602 CVE Request -- Cherokee -- server admin vulnerable to csrf

Source: MLIST
Type: Exploit
[oss-security] 20110603 Security issue in cherokee

Source: MLIST
Type: Exploit
[oss-security] 20110606 Re: Security issue in cherokee

Source: CCN
Type: OSVDB ID: 72693
Cherokee Admin Interface Arbitrary Command Execution CSRF

Source: BID
Type: UNKNOWN
49772

Source: CCN
Type: BID-49772
Cherokee Multiple Unspecified Vulnerabilities

Source: CONFIRM
Type: Exploit, Patch
https://bugzilla.redhat.com/show_bug.cgi?id=713304

Source: CCN
Type: Red Hat Bugzilla Bug 713306
CVE-2011-2190 CVE-2011-2191 cherokee: multiple vulnerabilities [fedora-all]

Source: XF
Type: UNKNOWN
cherokeeadmin-webinterface-csrf(67836)

Source: CONFIRM
Type: Exploit
https://launchpad.net/bugs/784632

Vulnerable Configuration:Configuration 1:
  • cpe:/a:cherokee-project:cherokee:0.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.4.4:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.4.5:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.4.6:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.4.7:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.4.8:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.4.9:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.4.10:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.4.11:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.4.12:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.4.13:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.4.14:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.4.15:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.4.16:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.4.17:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.4.18:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.4.19:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.4.20:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.4.21:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.4.22:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.4.23:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.4.24:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.4.25:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.4.26:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.4.27:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.4.28:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.4.29:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.4.30:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.7.2:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.8.0:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.8.1:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.9.0:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.9.2:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.9.3:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.9.4:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.10.0:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.10.1:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.11.0:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.11.1:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.11.2:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.11.3:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.11.4:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.11.5:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.11.6:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.98.0:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.98.1:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.0:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.1:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.2:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.3:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.4:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.5:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.6:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.07:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.8:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.9:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.10:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.11:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.12:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.13:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.14:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.15:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.16:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.17:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.18:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.19:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.20:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.21:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.22:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.23:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.24:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.25:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.26:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.27:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.28:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.29:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.30:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.31:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.32:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.33:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.34:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.35:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.36:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.37:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.38:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.39:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.40:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.41:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.42:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.43:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.44:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.45:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.46:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.47:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.48:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.49:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:1.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:1.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:1.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:1.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:1.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:1.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:1.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:1.0.14:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:1.0.15:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:1.0.16:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:1.0.17:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:1.0.18:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:1.0.19:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:1.0.20:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:1.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:1.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:*:*:*:*:*:*:*:* (Version <= 1.2.98)

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID: oval:com.ubuntu.precise:def:20112191000
    Class: V (vulnerability)
    Title: CVE-2011-2191 on Ubuntu 12.04 LTS (precise) - medium.
    Last Modified: 2011-10-06