Lucene search

[email protected]CVE-2002-1672

HistoryDec 31, 2002 - 5:00 a.m.

CVE-2002-1672

2002-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

webmin

security

insecure permissions

cve-2002-1672

vulnerability

session hijacking

6.8 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON

Webmin 0.92, when installed from an RPM, creates /var/webmin with insecure permissions (world readable), which could allow local users to read the root user’s cookie-based authentication credentials and possibly hijack the root user’s session using the credentials.

CPENameOperatorVersion
webmin:webminwebmineq0.92
webmin:webminwebmineq0.92.1

CPE	Name	Operator	Version
webmin:webmin	webmin	eq	0.92
webmin:webmin	webmin	eq	0.92.1

References

online.securityfocus.com/archive/1/263181

www.securityfocus.com/bid/4328

www.webmin.com/changes.html

exchange.xforce.ibmcloud.com/vulnerabilities/8595

6.8 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON

Related for CVE-2002-1672

nessus1