Description
The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password.
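A guard for the condition described above, as an added example (not Cherokee's code or its patch): it classifies a simple-bind request by the mechanisms of RFC 4513 section 5.1, so a caller can refuse to treat an unauthenticated bind as proof of the password. The enum and function names are hypothetical, and the DN in `main` is a constructed sample.

```c
#include <stddef.h>
#include <stdio.h>

/* Simple-bind variants, following RFC 4513 section 5.1. */
typedef enum {
    BIND_ANONYMOUS,        /* empty name, empty password */
    BIND_UNAUTHENTICATED,  /* non-empty name, empty password */
    BIND_NAME_PASSWORD,    /* non-empty name, non-empty password */
    BIND_INVALID           /* empty name with a password: not a defined
                              mechanism, treated as invalid here */
} bind_kind_t;

static int is_empty(const char *s)
{
    return s == NULL || s[0] == '\0';
}

/* Hypothetical helper: decide which kind of simple bind the directory
 * server would see for this name/password pair. */
bind_kind_t classify_simple_bind(const char *dn, const char *password)
{
    if (is_empty(password))
        return is_empty(dn) ? BIND_ANONYMOUS : BIND_UNAUTHENTICATED;
    return is_empty(dn) ? BIND_INVALID : BIND_NAME_PASSWORD;
}

/* Returns 1 only when a successful bind would actually verify the
 * password. A server may answer an unauthenticated bind with success,
 * so the empty-password case must be rejected before binding. */
int bind_can_authenticate_user(const char *dn, const char *password)
{
    return classify_simple_bind(dn, password) == BIND_NAME_PASSWORD;
}

int main(void)
{
    const char *dn = "uid=alice,dc=example,dc=org"; /* constructed sample */

    printf("empty password accepted: %d\n", bind_can_authenticate_user(dn, ""));
    printf("real password accepted:  %d\n", bind_can_authenticate_user(dn, "s3cret"));
    return 0;
}
```

A validator would call `bind_can_authenticate_user` before issuing the bind and fail the login when it returns 0.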
Remediation
References