CSRF in Cherokee-project Cherokee

CVE-2011-2191

Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee before 1.2.99 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, as demonstrat…

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.006 (69.7th percentile) — read the EPSS interpretation.

Affected products

Cherokee-project Cherokee — versions 0.3.0, 0.4.0, 0.4.1
N/a — versions n/a

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

49772 (vdb-entry, x_refsource_BID)
20110601 cherokee server admin vulnerable to csrf (mailing-list, x_refsource_FULLDISC)
[oss-security] 20110606 Re: Security issue in cherokee (mailing-list, x_refsource_MLIST, Exploit)
FEDORA-2011-12698 (x_refsource_FEDORA, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM, Exploit)
[oss-security] 20110602 CVE Request -- Cherokee -- server admin vulnerable to csrf (mailing-list, x_refsource_MLIST)
secalert@redhat.com (x_refsource_CONFIRM, Patch)
secalert@redhat.com (x_refsource_CONFIRM, Exploit, Patch)
[oss-security] 20110603 Security issue in cherokee (mailing-list, x_refsource_MLIST, Exploit)
72693 (x_refsource_OSVDB, vdb-entry)