Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2011-2191

Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee before 1.2.99 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, as demonstrated by a crafted nickname field to vserver/apply.

Related bugs and status

CVE-2011-2191 (Candidate) is related to these bugs:

Bug #784632: csrf & xss issue (resulting from csrf).

Summary				In	Importance	Status
	784632	csrf & xss issue (resulting from csrf).		cherokee (Ubuntu)	Undecided	Confirmed

See the

CVE page on Mitre.org for more details.

References

MISC: http://seclists.org/fu...
MISC: http://www.securityfoc...
MISC: http://osvdb.org/72693
MISC: http://lists.fedorapro...
MISC: http://www.openwall.co...
MISC: http://www.openwall.co...
MISC: http://www.openwall.co...
MISC: http://www.cherokee-pr...
MISC: https://bugzilla.redha...
MISC: https://launchpad.net/...