Lucene search

[email protected]CVE-2003-0101

HistoryMar 03, 2003 - 5:00 a.m.

CVE-2003-0101

2003-03-0305:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2003-0101

webmin

usermin

metacharacters

base-64

authentication

remote attackers

spoofing

session id

root privileges

6.7 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.069 Low

EPSS

Percentile

93.9%

JSON

miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges.

CPENameOperatorVersion
usermin:userminusermineq0.91
usermin:userminusermineq0.9
webmin:webminwebmineq1.0.60
usermin:userminusermineq0.8
usermin:userminusermineq0.97
usermin:userminusermineq0.99
usermin:userminusermineq0.6
usermin:userminusermineq0.96
usermin:userminusermineq0.5
usermin:userminusermineq0.94

CPE	Name	Operator	Version
usermin:usermin	usermin	eq	0.91
usermin:usermin	usermin	eq	0.9
webmin:webmin	webmin	eq	1.0.60
usermin:usermin	usermin	eq	0.8
usermin:usermin	usermin	eq	0.97
usermin:usermin	usermin	eq	0.99
usermin:usermin	usermin	eq	0.6
usermin:usermin	usermin	eq	0.96
usermin:usermin	usermin	eq	0.5
usermin:usermin	usermin	eq	0.94

Rows per page:

1-10 of 181

References

ftp://patches.sgi.com/support/free/security/advisories/20030602-01-I

archives.neohapsis.com/archives/hp/2003-q1/0063.html

archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html

marc.info/?l=bugtraq&m=104610245624895&w=2

marc.info/?l=bugtraq&m=104610300325629&w=2

marc.info/?l=bugtraq&m=104610336226274&w=2

marc.info/?l=webmin-announce&m=104587858408101&w=2

secunia.com/advisories/8115

secunia.com/advisories/8163

www.ciac.org/ciac/bulletins/n-058.shtml

www.debian.org/security/2003/dsa-319

www.iss.net/security_center/static/11390.php

www.lac.co.jp/security/english/snsadv_e/62_e.html

www.linuxsecurity.com/advisories/gentoo_advisory-2886.html

www.mandriva.com/security/advisories?name=MDKSA-2003:025

www.securityfocus.com/bid/6915

www.securitytracker.com/id?1006160

6.7 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.069 Low

EPSS

Percentile

93.9%

JSON

Related for CVE-2003-0101

openvas4 nessus5 debian1 cvelist1 osv1