CVE-2014-4668

NONE EPSS 84.9%
Published Jul 2, 2014 (12y ago) · Last Modified Jun 17, 2026 (2w ago)

Description

The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password.

Threat Intelligence

EPSS Exploit Probability
84.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-287 Improper Authentication

Affected Products 10

Vendor            Product   Version  Range
fedoraproject     fedora    20       any
fedoraproject     fedora    21       any
fedoraproject     fedora    22       any
mageia_project    mageia    4        any
cherokee-project  cherokee  *        ≤1.2.103
cherokee-project  cherokee  1.2.2    any
cherokee-project  cherokee  1.2.98   any
cherokee-project  cherokee  1.2.99   any
cherokee-project  cherokee  1.2.101  any
cherokee-project  cherokee  1.2.102  any

References 9

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.