Show filters
4 Total Results
Displaying 1-4 of 4
Sort by:
Attacker Value
Unknown
CVE-2011-2191
Disclosure Date: October 07, 2011 (last updated October 04, 2023)
Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee before 1.2.99 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, as demonstrated by a crafted nickname field to vserver/apply.
0
Attacker Value
Unknown
CVE-2011-2190
Disclosure Date: October 07, 2011 (last updated October 04, 2023)
The generate_admin_password function in Cherokee before 1.2.99 uses time and PID values for seeding of a random number generator, which makes it easier for local users to determine admin passwords via a brute-force attack.
0
Attacker Value
Unknown
CVE-2009-4587
Disclosure Date: January 07, 2010 (last updated October 04, 2023)
Cherokee Web Server 0.5.4 allows remote attackers to cause a denial of service (daemon crash) via an MS-DOS reserved word in a URI, as demonstrated by the AUX reserved word.
0
Attacker Value
Unknown
CVE-2009-3902
Disclosure Date: November 06, 2009 (last updated October 04, 2023)
Directory traversal vulnerability in Cherokee Web Server 0.5.4 and earlier for Windows allows remote attackers to read arbitrary files via a /\.. (slash backslash dot dot) in the URL.
0
