Vulnerable software:
  cpe:/a:cherokee-project:cherokee:1.2.2
  cpe:/a:cherokee-project:cherokee:1.2.98
  cpe:/a:cherokee-project:cherokee:1.2.99
  cpe:/a:cherokee-project:cherokee:1.2.101
  cpe:/a:cherokee-project:cherokee:1.2.102
  cpe:/a:cherokee-project:cherokee:1.2.103
  cpe:/o:fedoraproject:fedora:20
  cpe:/o:fedoraproject:fedora:21
  cpe:/o:fedoraproject:fedora:22
  cpe:/o:mageia_project:mageia:4

CVE ID: CVE-2014-4668
Published: 2014-07-02T00:14:17.233-04:00
Last modified: 2017-01-02T21:59:06.140-05:00

CVSS:
  Score: 6.8
  Access vector: NETWORK
  Access complexity: MEDIUM
  Authentication: NONE
  Confidentiality impact: PARTIAL
  Integrity impact: PARTIAL
  Availability impact: PARTIAL
  Source: http://nvd.nist.gov
  Generated on: 2016-06-28T15:28:05.287-04:00

References:
  BID 68249
  FEDORA FEDORA-2015-6194
  FEDORA FEDORA-2015-6279
  FEDORA FEDORA-2015-6392
  MANDRIVA MDVSA-2015:225
  MLIST [oss-security] 20140628 CVE request / advisory: Cherokee
  MLIST [oss-security] 20140628 Re: CVE request / advisory: Cherokee
  CONFIRM http://advisories.mageia.org/MGASA-2015-0181.html
  CONFIRM https://github.com/cherokee/webserver/commit/fbda667221c51f0aa476a02366e0cf66cb012f88

Summary: The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password.