CVE-2014-4668
published 2014-07-02

Priority: P346
Severity: medium, 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 2.84% (84.9th percentile)

The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password.

Affected

10 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cherokee-project | cherokee | <= 1.2.103 | |
| cherokee-project | cherokee | | |
| cherokee-project | cherokee | | |
| cherokee-project | cherokee | | |
| cherokee-project | cherokee | | |
| cherokee-project | cherokee | | |
| fedoraproject | fedora | | |
| fedoraproject | fedora | | |
| fedoraproject | fedora | | |
| mageia_project | mageia | | |