CVE-2011-2191
Published: Oct 7, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee before 1.2.99 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, as demonstrated by a crafted nickname field to vserver/apply.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| 49772 | vdb-entry, x_refsource_BID |
| 20110601 cherokee server admin vulnerable to csrf | mailing-list, x_refsource_FULLDISC |
| [oss-security] 20110606 Re: Security issue in cherokee | mailing-list, x_refsource_MLIST |
| FEDORA-2011-12698 | vendor-advisory, x_refsource_FEDORA |
| https://launchpad.net/bugs/784632 | x_refsource_CONFIRM |
| [oss-security] 20110602 CVE Request -- Cherokee -- server admin vulnerable to csrf | mailing-list, x_refsource_MLIST |
| https://bugzilla.redhat.com/show_bug.cgi?id=713304 | x_refsource_CONFIRM |
| [oss-security] 20110603 Security issue in cherokee | mailing-list, x_refsource_MLIST |
| 72693 | vdb-entry, x_refsource_OSVDB |