CVE-2014-4668

2014-07-0204:14:17

CWE-287

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.8

Confidence

Low

EPSS

0.018

Percentile

88.1%

JSON

The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password.

Affected configurations

Nvd

Node

fedoraprojectfedoraMatch20

fedoraprojectfedoraMatch21

fedoraprojectfedoraMatch22

Node

mageia_projectmageiaMatch4

Node

cherokee-projectcherokeeRange≤1.2.103

cherokee-projectcherokeeMatch1.2.2

cherokee-projectcherokeeMatch1.2.98

cherokee-projectcherokeeMatch1.2.99

cherokee-projectcherokeeMatch1.2.101

cherokee-projectcherokeeMatch1.2.102

VendorProductVersionCPE
fedoraprojectfedora20cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
fedoraprojectfedora21cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
fedoraprojectfedora22cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
mageia_projectmageia4cpe:2.3:o:mageia_project:mageia:4:*:*:*:*:*:*:*
cherokee-projectcherokee*cpe:2.3:a:cherokee-project:cherokee:*:*:*:*:*:*:*:*
cherokee-projectcherokee1.2.2cpe:2.3:a:cherokee-project:cherokee:1.2.2:*:*:*:*:*:*:*
cherokee-projectcherokee1.2.98cpe:2.3:a:cherokee-project:cherokee:1.2.98:*:*:*:*:*:*:*
cherokee-projectcherokee1.2.99cpe:2.3:a:cherokee-project:cherokee:1.2.99:*:*:*:*:*:*:*
cherokee-projectcherokee1.2.101cpe:2.3:a:cherokee-project:cherokee:1.2.101:*:*:*:*:*:*:*
cherokee-projectcherokee1.2.102cpe:2.3:a:cherokee-project:cherokee:1.2.102:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fedoraproject	fedora	20	cpe:2.3:o:fedoraproject:fedora:20:::::::*
fedoraproject	fedora	21	cpe:2.3:o:fedoraproject:fedora:21:::::::*
fedoraproject	fedora	22	cpe:2.3:o:fedoraproject:fedora:22:::::::*
mageia_project	mageia	4	cpe:2.3:o:mageia_project:mageia:4:::::::*
cherokee-project	cherokee	*	cpe:2.3:a:cherokee-project:cherokee::::::::
cherokee-project	cherokee	1.2.2	cpe:2.3:a:cherokee-project:cherokee:1.2.2:::::::*
cherokee-project	cherokee	1.2.98	cpe:2.3:a:cherokee-project:cherokee:1.2.98:::::::*
cherokee-project	cherokee	1.2.99	cpe:2.3:a:cherokee-project:cherokee:1.2.99:::::::*
cherokee-project	cherokee	1.2.101	cpe:2.3:a:cherokee-project:cherokee:1.2.101:::::::*
cherokee-project	cherokee	1.2.102	cpe:2.3:a:cherokee-project:cherokee:1.2.102:::::::*