CVE-2011-2191

CVE Descriptions

Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee before 1.2.99 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, as demonstrated by a crafted nickname field to vserver/apply.

CVE Informations

Related Weaknesses

CWE-ID	Weakness Name	Source
CWE-352	Cross-Site Request Forgery (CSRF) The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Metrics

Metrics	Score	Severity	CVSS Vector	Source
V2	6.8		AV:N/AC:M/Au:N/C:P/I:P/A:P	nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	1.96%	–	–
2022-03-27	–	–	1.96%	–	–
2022-04-03	–	–	1.96%	–	–
2022-08-28	–	–	1.96%	–	–
2023-03-12	–	–	–	0.4%	–
2023-09-17	–	–	–	0.4%	–
2023-10-29	–	–	–	0.41%	–
2024-02-11	–	–	–	0.41%	–
2024-03-31	–	–	–	0.41%	–
2024-06-02	–	–	–	0.41%	–
2024-06-02	–	–	–	0.41%	–
2024-11-17	–	–	–	0.41%	–
2024-12-22	–	–	–	1.61%	–
2025-01-19	–	–	–	1.61%	–
2025-03-18	–	–	–	–	0.51%
2025-04-15	–	–	–	–	0.51%
2025-04-15	–	–	–	–	0.51,%

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

EPSS First.org

Date	Percentile
2022-02-06	56%
2022-03-27	57%
2022-04-03	77%
2022-08-28	78%
2023-03-12	7%
2023-09-17	71%
2023-10-29	71%
2024-02-11	73%
2024-03-31	74%
2024-06-02	74%
2024-06-02	74%
2024-11-17	75%
2024-12-22	87%
2025-01-19	87%
2025-03-18	64%
2025-04-15	65%
2025-04-15	65%

Products Mentioned

Configuraton 0

Cherokee-project>>Cherokee >> Version To (including) 1.2.98

Cherokee-project>>Cherokee >> Version - (Open CPE detail)
Cherokee-project>>Cherokee >> Version 0.4.27 (Open CPE detail)
Cherokee-project>>Cherokee >> Version 0.99.31 (Open CPE detail)
Cherokee-project>>Cherokee >> Version 0.99.32 (Open CPE detail)
Cherokee-project>>Cherokee >> Version 1.0.12 (Open CPE detail)
Cherokee-project>>Cherokee >> Version 1.0.13 (Open CPE detail)
Cherokee-project>>Cherokee >> Version 1.0.14 (Open CPE detail)
Cherokee-project>>Cherokee >> Version 1.0.15 (Open CPE detail)
Cherokee-project>>Cherokee >> Version 1.0.16 (Open CPE detail)
Cherokee-project>>Cherokee >> Version 1.0.17 (Open CPE detail)
Cherokee-project>>Cherokee >> Version 1.0.18 (Open CPE detail)
Cherokee-project>>Cherokee >> Version 1.0.21 (Open CPE detail)
Cherokee-project>>Cherokee >> Version 1.2.0 (Open CPE detail)
Cherokee-project>>Cherokee >> Version 1.2.2 (Open CPE detail)
Cherokee-project>>Cherokee >> Version 1.2.98 (Open CPE detail)

Cherokee-project>>Cherokee >> Version 0.3.0

Cherokee-project>>Cherokee >> Version 0.4.0

Cherokee-project>>Cherokee >> Version 0.4.1

Cherokee-project>>Cherokee >> Version 0.4.2

Cherokee-project>>Cherokee >> Version 0.4.3

Cherokee-project>>Cherokee >> Version 0.4.4

Cherokee-project>>Cherokee >> Version 0.4.5

Cherokee-project>>Cherokee >> Version 0.4.6

Cherokee-project>>Cherokee >> Version 0.4.7

Cherokee-project>>Cherokee >> Version 0.4.8

Cherokee-project>>Cherokee >> Version 0.4.9

Cherokee-project>>Cherokee >> Version 0.4.10

Cherokee-project>>Cherokee >> Version 0.4.11

Cherokee-project>>Cherokee >> Version 0.4.12

Cherokee-project>>Cherokee >> Version 0.4.13

Cherokee-project>>Cherokee >> Version 0.4.14

Cherokee-project>>Cherokee >> Version 0.4.15

Cherokee-project>>Cherokee >> Version 0.4.16

Cherokee-project>>Cherokee >> Version 0.4.17

Cherokee-project>>Cherokee >> Version 0.4.18

Cherokee-project>>Cherokee >> Version 0.4.19

Cherokee-project>>Cherokee >> Version 0.4.20

Cherokee-project>>Cherokee >> Version 0.4.21

Cherokee-project>>Cherokee >> Version 0.4.22

Cherokee-project>>Cherokee >> Version 0.4.23

Cherokee-project>>Cherokee >> Version 0.4.24

Cherokee-project>>Cherokee >> Version 0.4.25

Cherokee-project>>Cherokee >> Version 0.4.26

Cherokee-project>>Cherokee >> Version 0.4.27

Cherokee-project>>Cherokee >> Version 0.4.27 (Open CPE detail)

Cherokee-project>>Cherokee >> Version 0.4.28

Cherokee-project>>Cherokee >> Version 0.4.29

Cherokee-project>>Cherokee >> Version 0.4.30

Cherokee-project>>Cherokee >> Version 0.5.0

Cherokee-project>>Cherokee >> Version 0.5.1

Cherokee-project>>Cherokee >> Version 0.5.2

Cherokee-project>>Cherokee >> Version 0.5.3

Cherokee-project>>Cherokee >> Version 0.5.4

Cherokee-project>>Cherokee >> Version 0.5.5

Cherokee-project>>Cherokee >> Version 0.5.6

Cherokee-project>>Cherokee >> Version 0.6.0

Cherokee-project>>Cherokee >> Version 0.6.1

Cherokee-project>>Cherokee >> Version 0.7.0

Cherokee-project>>Cherokee >> Version 0.7.1

Cherokee-project>>Cherokee >> Version 0.7.2

Cherokee-project>>Cherokee >> Version 0.8.0

Cherokee-project>>Cherokee >> Version 0.8.1

Cherokee-project>>Cherokee >> Version 0.9.0

Cherokee-project>>Cherokee >> Version 0.9.1

Cherokee-project>>Cherokee >> Version 0.9.2

Cherokee-project>>Cherokee >> Version 0.9.3

Cherokee-project>>Cherokee >> Version 0.9.4

Cherokee-project>>Cherokee >> Version 0.10.0

Cherokee-project>>Cherokee >> Version 0.10.1

Cherokee-project>>Cherokee >> Version 0.11.0

Cherokee-project>>Cherokee >> Version 0.11.1

Cherokee-project>>Cherokee >> Version 0.11.2

Cherokee-project>>Cherokee >> Version 0.11.3

Cherokee-project>>Cherokee >> Version 0.11.4

Cherokee-project>>Cherokee >> Version 0.11.5

Cherokee-project>>Cherokee >> Version 0.11.6

Cherokee-project>>Cherokee >> Version 0.98.0

Cherokee-project>>Cherokee >> Version 0.98.1

Cherokee-project>>Cherokee >> Version 0.99.0

Cherokee-project>>Cherokee >> Version 0.99.1

Cherokee-project>>Cherokee >> Version 0.99.2

Cherokee-project>>Cherokee >> Version 0.99.3

Cherokee-project>>Cherokee >> Version 0.99.4

Cherokee-project>>Cherokee >> Version 0.99.5

Cherokee-project>>Cherokee >> Version 0.99.6

Cherokee-project>>Cherokee >> Version 0.99.07

Cherokee-project>>Cherokee >> Version 0.99.8

Cherokee-project>>Cherokee >> Version 0.99.9

Cherokee-project>>Cherokee >> Version 0.99.10

Cherokee-project>>Cherokee >> Version 0.99.11

Cherokee-project>>Cherokee >> Version 0.99.12

Cherokee-project>>Cherokee >> Version 0.99.13

Cherokee-project>>Cherokee >> Version 0.99.14

Cherokee-project>>Cherokee >> Version 0.99.15

Cherokee-project>>Cherokee >> Version 0.99.16

Cherokee-project>>Cherokee >> Version 0.99.17

Cherokee-project>>Cherokee >> Version 0.99.18

Cherokee-project>>Cherokee >> Version 0.99.19

Cherokee-project>>Cherokee >> Version 0.99.20

Cherokee-project>>Cherokee >> Version 0.99.21

Cherokee-project>>Cherokee >> Version 0.99.22

Cherokee-project>>Cherokee >> Version 0.99.23

Cherokee-project>>Cherokee >> Version 0.99.24

Cherokee-project>>Cherokee >> Version 0.99.25

Cherokee-project>>Cherokee >> Version 0.99.26

Cherokee-project>>Cherokee >> Version 0.99.27

Cherokee-project>>Cherokee >> Version 0.99.28

Cherokee-project>>Cherokee >> Version 0.99.29

Cherokee-project>>Cherokee >> Version 0.99.30

Cherokee-project>>Cherokee >> Version 0.99.31

Cherokee-project>>Cherokee >> Version 0.99.31 (Open CPE detail)

Cherokee-project>>Cherokee >> Version 0.99.32

Cherokee-project>>Cherokee >> Version 0.99.32 (Open CPE detail)

Cherokee-project>>Cherokee >> Version 0.99.33

Cherokee-project>>Cherokee >> Version 0.99.34

Cherokee-project>>Cherokee >> Version 0.99.35

Cherokee-project>>Cherokee >> Version 0.99.36

Cherokee-project>>Cherokee >> Version 0.99.37

Cherokee-project>>Cherokee >> Version 0.99.38

Cherokee-project>>Cherokee >> Version 0.99.39

Cherokee-project>>Cherokee >> Version 0.99.40

Cherokee-project>>Cherokee >> Version 0.99.41

Cherokee-project>>Cherokee >> Version 0.99.42

Cherokee-project>>Cherokee >> Version 0.99.43

Cherokee-project>>Cherokee >> Version 0.99.44

Cherokee-project>>Cherokee >> Version 0.99.45

Cherokee-project>>Cherokee >> Version 0.99.46

Cherokee-project>>Cherokee >> Version 0.99.47

Cherokee-project>>Cherokee >> Version 0.99.48

Cherokee-project>>Cherokee >> Version 0.99.49

Cherokee-project>>Cherokee >> Version 1.0.0

Cherokee-project>>Cherokee >> Version 1.0.1

Cherokee-project>>Cherokee >> Version 1.0.2

Cherokee-project>>Cherokee >> Version 1.0.3

Cherokee-project>>Cherokee >> Version 1.0.4

Cherokee-project>>Cherokee >> Version 1.0.5

Cherokee-project>>Cherokee >> Version 1.0.6

Cherokee-project>>Cherokee >> Version 1.0.7

Cherokee-project>>Cherokee >> Version 1.0.8

Cherokee-project>>Cherokee >> Version 1.0.9

Cherokee-project>>Cherokee >> Version 1.0.10

Cherokee-project>>Cherokee >> Version 1.0.11

Cherokee-project>>Cherokee >> Version 1.0.12

Cherokee-project>>Cherokee >> Version 1.0.12 (Open CPE detail)

Cherokee-project>>Cherokee >> Version 1.0.13

Cherokee-project>>Cherokee >> Version 1.0.13 (Open CPE detail)

Cherokee-project>>Cherokee >> Version 1.0.14

Cherokee-project>>Cherokee >> Version 1.0.14 (Open CPE detail)

Cherokee-project>>Cherokee >> Version 1.0.15

Cherokee-project>>Cherokee >> Version 1.0.15 (Open CPE detail)

Cherokee-project>>Cherokee >> Version 1.0.16

Cherokee-project>>Cherokee >> Version 1.0.16 (Open CPE detail)

Cherokee-project>>Cherokee >> Version 1.0.17

Cherokee-project>>Cherokee >> Version 1.0.17 (Open CPE detail)

Cherokee-project>>Cherokee >> Version 1.0.18

Cherokee-project>>Cherokee >> Version 1.0.18 (Open CPE detail)

Cherokee-project>>Cherokee >> Version 1.0.19

Cherokee-project>>Cherokee >> Version 1.0.20

Cherokee-project>>Cherokee >> Version 1.2.0

Cherokee-project>>Cherokee >> Version 1.2.0 (Open CPE detail)

Cherokee-project>>Cherokee >> Version 1.2.1

Cherokee-project>>Cherokee >> Version 1.2.2

Cherokee-project>>Cherokee >> Version 1.2.2 (Open CPE detail)

References

http://www.securityfocus.com/bid/49772
Tags : vdb-entry, x_refsource_BID

http://seclists.org/fulldisclosure/2011/Jun/0
Tags : mailing-list, x_refsource_FULLDISC

http://www.openwall.com/lists/oss-security/2011/06/06/22
Tags : mailing-list, x_refsource_MLIST

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066222.html
Tags : vendor-advisory, x_refsource_FEDORA

https://launchpad.net/bugs/784632
Tags : x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2011/06/02/2
Tags : mailing-list, x_refsource_MLIST

http://www.cherokee-project.com/download/LATEST_is_1.2.99/cherokee-1.2.99.tar.gz
Tags : x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=713304
Tags : x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2011/06/03/6
Tags : mailing-list, x_refsource_MLIST

http://osvdb.org/72693
Tags : vdb-entry, x_refsource_OSVDB

CVE-2011-2191 : Detail