Executive Summary

Informations
Name CVE-2011-2190 First vendor Publication 2011-10-06
Vendor Cve Last vendor Modification 2012-05-14

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score 2.1 Attack Range Local
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The generate_admin_password function in Cherokee before 1.2.99 uses time and PID values for seeding of a random number generator, which makes it easier for local users to determine admin passwords via a brute-force attack.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2190

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-310 Cryptographic Issues

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 137

OpenVAS Exploits

Date Description
2012-04-02 Name : Fedora Update for cherokee FEDORA-2011-12657
File : nvt/gb_fedora_2011_12657_cherokee_fc16.nasl
2012-04-02 Name : Fedora Update for cherokee FEDORA-2011-14622
File : nvt/gb_fedora_2011_14622_cherokee_fc16.nasl
2011-11-25 Name : Fedora Update for cherokee FEDORA-2011-14634
File : nvt/gb_fedora_2011_14634_cherokee_fc15.nasl
2011-11-25 Name : Fedora Update for cherokee FEDORA-2011-14660
File : nvt/gb_fedora_2011_14660_cherokee_fc14.nasl
2011-09-27 Name : Fedora Update for cherokee FEDORA-2011-12687
File : nvt/gb_fedora_2011_12687_cherokee_fc14.nasl
2011-09-27 Name : Fedora Update for cherokee FEDORA-2011-12698
File : nvt/gb_fedora_2011_12698_cherokee_fc15.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
75717 Cherokee Admin Password Generation Weakness Password Disclosure

Nessus® Vulnerability Scanner

Date Description
2011-11-26 Name : The remote Fedora host is missing a security update.
File : fedora_2011-14622.nasl - Type : ACT_GATHER_INFO
2011-11-26 Name : The remote Fedora host is missing a security update.
File : fedora_2011-14634.nasl - Type : ACT_GATHER_INFO
2011-11-26 Name : The remote Fedora host is missing a security update.
File : fedora_2011-14660.nasl - Type : ACT_GATHER_INFO
2011-10-03 Name : The remote Fedora host is missing a security update.
File : fedora_2011-12657.nasl - Type : ACT_GATHER_INFO
2011-09-26 Name : The remote Fedora host is missing a security update.
File : fedora_2011-12687.nasl - Type : ACT_GATHER_INFO
2011-09-26 Name : The remote Fedora host is missing a security update.
File : fedora_2011-12698.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/49772
CONFIRM http://code.google.com/p/cherokee/issues/detail?id=1212
http://www.cherokee-project.com/download/LATEST_is_1.2.99/cherokee-1.2.99.tar.gz
https://bugzilla.redhat.com/show_bug.cgi?id=713304
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2011-September/0662...
MLIST http://www.openwall.com/lists/oss-security/2011/06/03/4
http://www.openwall.com/lists/oss-security/2011/06/06/21

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
Date Informations
2021-05-05 01:08:26
  • Multiple Updates
2021-05-04 12:14:34
  • Multiple Updates
2021-04-22 01:15:52
  • Multiple Updates
2020-05-23 01:44:37
  • Multiple Updates
2020-05-23 00:28:39
  • Multiple Updates
2014-02-17 11:02:49
  • Multiple Updates
2013-05-10 23:01:29
  • Multiple Updates