Description
The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password.
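The flaw described above, as an added example that is not Cherokee's code: a validator that treats a successful simple bind as proof of the password, next to one that rejects empty credentials before binding. The directory is a constructed stand-in rather than libldap, and all function names, DNs and passwords are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* LDAP result codes: success and invalidCredentials. */
enum { BIND_OK = 0, BIND_INVALID_CREDENTIALS = 49 };

/* Constructed sample directory (hypothetical DN and password). */
struct entry { const char *dn; const char *password; };
static const struct entry directory[] = {
    { "uid=alice,dc=example,dc=org", "correct-horse" },
};

/* Stand-in for a server that permits RFC 4513 section 5.1.2 unauthenticated
 * binds: a DN with a zero-length password yields success, yet proves no identity. */
static int mock_simple_bind(const char *dn, const char *password)
{
    if (password == NULL || password[0] == '\0')
        return BIND_OK;
    for (size_t i = 0; i < sizeof directory / sizeof directory[0]; i++)
        if (strcmp(directory[i].dn, dn) == 0 &&
            strcmp(directory[i].password, password) == 0)
            return BIND_OK;
    return BIND_INVALID_CREDENTIALS;
}

/* Flawed pattern: bind success is taken to mean "password verified". */
static int check_naive(const char *dn, const char *password)
{
    return mock_simple_bind(dn, password) == BIND_OK;
}

/* Hardened pattern: empty DN or password never reaches the directory. */
static int check_hardened(const char *dn, const char *password)
{
    if (dn == NULL || dn[0] == '\0' || password == NULL || password[0] == '\0')
        return 0;
    return mock_simple_bind(dn, password) == BIND_OK;
}

int main(void)
{
    const char *dn = "uid=alice,dc=example,dc=org";
    printf("naive,    empty password: %d\n", check_naive(dn, ""));
    printf("hardened, empty password: %d\n", check_hardened(dn, ""));
    printf("hardened, right password: %d\n", check_hardened(dn, "correct-horse"));
    return 0;
}
```

Disabling unauthenticated binds on the directory server, where the server offers that setting, closes the same gap from the other side.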
Remediation
References