Metric | Value |
---|---|
AI Score | 6.8 Medium |
AI Score Confidence | Low |
CVSS2 | 7.5 High |
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
CVSS2 Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
EPSS | 0.025 Low |
EPSS Percentile | 90.1% |

miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when “full PAM conversations” is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).
CPE | Name | Operator | Version |
---|---|---|---|
usermin:usermin | usermin | eq | 1.150 |
webmin:webmin | webmin | eq | 1.2.20 |
archives.neohapsis.com/archives/bugtraq/2005-09/0257.html
jvn.jp/jp/JVN%2340940493/index.html
secunia.com/advisories/16858
secunia.com/advisories/17282
securityreason.com/securityalert/17
www.gentoo.org/security/en/glsa/glsa-200509-17.xml
www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html
www.mandriva.com/security/advisories?name=MDKSA-2005:176
www.novell.com/linux/security/advisories/2005_24_sr.html
www.osvdb.org/19575
www.securityfocus.com/bid/14889
www.vupen.com/english/advisories/2005/1791
www.webmin.com/changes-1.230.html
www.webmin.com/uchanges-1.160.html