Lucene search

[email protected]CVE-2001-1074

HistoryMay 28, 2001 - 4:00 a.m.

CVE-2001-1074

2001-05-2804:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2001-1074

webmin

version 0.84

authorization

user privileges

vulnerability

cgi programs

nvd

6.7 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges.

CPENameOperatorVersion
webmin:webminwebmineq0.7
webmin:webminwebmineq0.6
webmin:webminwebmineq0.83
webmin:webminwebmineq0.84
webmin:webminwebmineq0.80
webmin:webminwebmineq0.5

CPE	Name	Operator	Version
webmin:webmin	webmin	eq	0.7
webmin:webmin	webmin	eq	0.6
webmin:webmin	webmin	eq	0.83
webmin:webmin	webmin	eq	0.84
webmin:webmin	webmin	eq	0.80
webmin:webmin	webmin	eq	0.5

References

archives.neohapsis.com/archives/bugtraq/2001-05/0262.html

www.calderasystems.com/support/security/advisories/CSSA-2001-019.1.txt

www.linux-mandrake.com/en/security/2001/MDKSA-2001-059.php3

www.securityfocus.com/bid/2795

exchange.xforce.ibmcloud.com/vulnerabilities/6627

6.7 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

Related for CVE-2001-1074

nessus2