VYPR
Unrated severityNVD Advisory· Published Jul 2, 2014· Updated Jun 17, 2026

CVE-2014-4668

CVE-2014-4668

Description

The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

11
  • cpe:2.3:a:cherokee-project:cherokee:*:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:a:cherokee-project:cherokee:*:*:*:*:*:*:*:*range: <=1.2.103
    • cpe:2.3:a:cherokee-project:cherokee:1.2.101:*:*:*:*:*:*:*
    • cpe:2.3:a:cherokee-project:cherokee:1.2.102:*:*:*:*:*:*:*
    • cpe:2.3:a:cherokee-project:cherokee:1.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:cherokee-project:cherokee:1.2.98:*:*:*:*:*:*:*
    • cpe:2.3:a:cherokee-project:cherokee:1.2.99:*:*:*:*:*:*:*
    • (no CPE)range: <=1.2.103
  • cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
    • cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
    • cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
  • cpe:2.3:o:mageia_project:mageia:4:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.