CVE-2014-4668

Published Jul 2, 2014

Last updated 3 months ago

CVSS info 6.8

Overview

Description: The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-287

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mageia_project:mageia:4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EDB6C80D-ADCA-481E-B54B-3BEA3D7D3107"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cherokee-project:cherokee:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D4AA7EA7-8D67-49E1-9D93-88CA97A8EFAC",
            "versionEndIncluding": "1.2.103"
          },
          {
            "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D5B3C97-844D-4F58-87F4-11962A7228F2"
          },
          {
            "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.2.98:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "762B5682-C942-4DC7-9C69-D0AC3D4E275C"
          },
          {
            "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.2.99:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9FB62CE7-9FC9-4E7F-8B3D-45710949EA6A"
          },
          {
            "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.2.101:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D33D414B-0A4C-41EE-991A-788559EC3A03"
          },
          {
            "criteria": "cpe:2.3:a:cherokee-project:cherokee:1.2.102:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1407BB70-8D64-422F-8487-4D8B3E88963E"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References