CVE-2011-2191

Name of the Vulnerable Software and Affected Versions Cherokee versions prior to 1.2.99

Description A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences. This can be achieved by crafting a nickname field to the "vserver/apply" endpoint.

Recommendations For versions prior to 1.2.99, update to version 1.2.99 or later to resolve the issue. As a temporary workaround, consider restricting access to the "vserver/apply" endpoint to minimize the risk of exploitation. Avoid using the nickname field in the affected endpoint until the issue is resolved.