Lucene search

GoogleOSV:CVE-2017-15644

HistoryOct 19, 2017 - 10:29 p.m.

CVE-2017-15644

2017-10-1922:29:00

Google

osv.dev

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

7 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

42.5%

JSON

SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000.

CPENameOperatorVersion
webmineq1.720
webmineq1.710
webmineq1.830
webmineq1.770
webmineq1.730
webmineq1.850
webmineq1.700
webmineq1.750
webmineq1.800
webmineq1.810

Name	Operator	Version
webmin	eq	1.720
webmin	eq	1.710
webmin	eq	1.830
webmin	eq	1.770
webmin	eq	1.730
webmin	eq	1.850
webmin	eq	1.700
webmin	eq	1.750
webmin	eq	1.800
webmin	eq	1.810

Rows per page:

1-10 of 181

References

www.webmin.com/changes.html

www.webmin.com/security.html

blogs.securiteam.com/index.php/archives/3430

github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

7 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

42.5%

JSON

Related for OSV:CVE-2017-15644