Search...

Webmin/Usermin Authentication Error Page XSS

2002-05-07T00:00:00

ID OSVDB:9241
Type osvdb
Reporter OSVDB
Modified 2002-05-07T00:00:00

Description

No description provided by the source

References:

Vendor URL: http://www.webmin.com/ Vendor Specific Advisory URL Other Advisory URL: http://www.lac.co.jp/security/english/snsadv_e/52_e.html ISS X-Force ID: 9036 CVE-2002-0756 Bugtraq ID: 4694

JSON Vulners Source

Initial Source

{"title": "Webmin/Usermin Authentication Error Page XSS", "published": "2002-05-07T00:00:00", "references": [], "type": "osvdb", "enchantments": {"score": {"value": 6.4, "vector": "NONE", "modified": "2017-04-28T13:20:04", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2002-0756"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310802258"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:4127"]}, {"type": "nessus", "idList": ["WEBMIN_0_96.NASL"]}], "modified": "2017-04-28T13:20:04", "rev": 2}, "vulnersScore": 6.4}, "cvelist": ["CVE-2002-0756"], "viewCount": 0, "affectedSoftware": [], "id": "OSVDB:9241", "modified": "2002-05-07T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:9241", "edition": 1, "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.webmin.com/\n[Vendor Specific Advisory URL](ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-002.0.txt)\nOther Advisory URL: http://www.lac.co.jp/security/english/snsadv_e/52_e.html\nISS X-Force ID: 9036\n[CVE-2002-0756](https://vulners.com/cve/CVE-2002-0756)\nBugtraq ID: 4694\n", "bulletinFamily": "software", "reporter": "OSVDB", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "lastseen": "2017-04-28T13:20:04"}

{"cve": [{"lastseen": "2020-10-03T11:36:59", "description": "Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert script into an error page and possibly steal cookies.", "edition": 3, "cvss3": {}, "published": "2002-08-12T04:00:00", "title": "CVE-2002-0756", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2002-0756"], "modified": "2008-09-05T20:28:00", "cpe": ["cpe:/a:webmin:webmin:0.95", "cpe:/a:usermin:usermin:0.8", "cpe:/a:webmin:webmin:0.94", "cpe:/a:usermin:usermin:0.9", "cpe:/a:webmin:webmin:0.92", "cpe:/a:webmin:webmin:0.92.1", "cpe:/a:webmin:webmin:0.93", "cpe:/a:webmin:webmin:0.91", "cpe:/a:usermin:usermin:0.7", "cpe:/a:webmin:webmin:0.96"], "id": "CVE-2002-0756", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0756", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:usermin:usermin:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:usermin:usermin:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:webmin:webmin:0.96:*:*:*:*:*:*:*", "cpe:2.3:a:webmin:webmin:0.94:*:*:*:*:*:*:*", "cpe:2.3:a:webmin:webmin:0.92.1:*:*:*:*:*:*:*", "cpe:2.3:a:webmin:webmin:0.91:*:*:*:*:*:*:*", "cpe:2.3:a:webmin:webmin:0.95:*:*:*:*:*:*:*", "cpe:2.3:a:usermin:usermin:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:webmin:webmin:0.92:*:*:*:*:*:*:*", "cpe:2.3:a:webmin:webmin:0.93:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2020-04-03T18:59:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2002-0756"], "description": "This host is running Webmin/Usermin and is prone to cross site\n scripting vulnerability.", "modified": "2020-04-01T00:00:00", "published": "2011-10-20T00:00:00", "id": "OPENVAS:1361412562310802258", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802258", "type": "openvas", "title": "Webmin / Usermin Login Cross Site Scripting Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Webmin / Usermin Login Cross Site Scripting Vulnerability\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802258\");\n script_version(\"2020-04-01T10:41:43+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-01 10:41:43 +0000 (Wed, 01 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-10-20 08:43:23 +0200 (Thu, 20 Oct 2011)\");\n script_cve_id(\"CVE-2002-0756\");\n script_bugtraq_id(4694);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Webmin / Usermin Login Cross Site Scripting Vulnerability\");\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"webmin.nasl\");\n script_require_ports(\"Services/www\", 10000, 20000);\n script_mandatory_keys(\"usermin_or_webmin/installed\");\n\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/9036\");\n script_xref(name:\"URL\", value:\"http://archives.neohapsis.com/archives/bugtraq/2002-05/0040.html\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to insert arbitrary HTML\n and script code, which will be executed in a user's browser session in the context of an affected site.\");\n\n script_tag(name:\"affected\", value:\"Webmin version 0.96 and Usermin version 0.90\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to improper validation of user-supplied input via the\n authentication page, which allows attackers to execute arbitrary HTML and\n script code in a user's browser session in the context of an affected site.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Webmin version 0.970, Usermin version 0.910 or later.\");\n\n script_tag(name:\"summary\", value:\"This host is running Webmin/Usermin and is prone to cross site\n scripting vulnerability.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_app\");\n\n script_xref(name:\"URL\", value:\"http://www.webmin.com/download.html\");\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"host_details.inc\");\n\ncpe_list = make_list( \"cpe:/a:webmin:usermin\", \"cpe:/a:webmin:webmin\" );\n\nif( ! infos = get_app_port_from_list( cpe_list:cpe_list ) )\n exit( 0 );\n\nport = infos[\"port\"];\ncpe = infos[\"cpe\"];\n\nif( ! get_app_location( cpe:cpe, port:port, nofork:TRUE ) )\n exit(0);\n\nhost = http_host_name( port:port );\n\npostData = \"page=%2F&user=%27%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&pass=\";\n\nreq = string(\"POST /session_login.cgi HTTP/1.1\\r\\n\",\n \"Host: \", host, \"\\r\\n\",\n \"Cookie: sid=; testing=1; user=x\\r\\n\",\n \"Content-Type: application/x-www-form-urlencoded\\r\\n\",\n \"Content-Length: \", strlen(postData), \"\\r\\n\\r\\n\", postData );\nres = http_keepalive_send_recv( port:port, data:req, bodyonly:FALSE );\n\nif( ereg( pattern:\"^HTTP/1\\.[01] 200\", string:res ) &&\n \"><script>alert(document.cookie)</script>\" >< res ) {\n security_message( port:port );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:07", "bulletinFamily": "software", "cvelist": ["CVE-2002-0756", "CVE-2002-0757"], "description": "To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com\r\nfull-disclosure@lists.netsys.com\r\n\r\n______________________________________________________________________________\r\n\r\n SCO Security Advisory\r\n\r\nSubject: Linux: Webmin Cross-site Scripting and Session ID Spoofing Vulnerabilities \r\nAdvisory number: CSSA-2003-002.0\r\nIssue date: 2003 January 09\r\nCross reference:\r\n______________________________________________________________________________\r\n\r\n\r\n1. Problem Description\r\n\r\n From the CVE database:\r\n\r\n Cross-site scripting vulnerability in the authentication page\r\n for webmin allows remote attackers to insert script into an\r\n error page and possibly steal cookies.\r\n\r\n Webmin with password timeouts enabled allow local (and\r\n possibly remote) attackers to bypass authentication and gain\r\n privileges via certain control characters in the\r\n authentication information, which can force webmin to accept\r\n arbitrary username/session ID combinations.\r\n\r\n\r\n2. Vulnerable Supported Versions\r\n\r\n System Package\r\n ----------------------------------------------------------------------\r\n\r\n OpenLinux 3.1.1 Server prior to webmin-0.89-11.i386.rpm\r\n\r\n OpenLinux 3.1.1 Workstation prior to webmin-0.89-11.i386.rpm\r\n\r\n OpenLinux 3.1 Server prior to webmin-0.89-11.i386.rpm\r\n\r\n OpenLinux 3.1 Workstation prior to webmin-0.89-11.i386.rpm\r\n\r\n\r\n3. Solution\r\n\r\n The proper solution is to install the latest packages. Many\r\n customers find it easier to use the Caldera System Updater, called\r\n cupdate (or kcupdate under the KDE environment), to update these\r\n packages rather than downloading and installing them by hand.\r\n\r\n\r\n4. OpenLinux 3.1.1 Server\r\n\r\n 4.1 Package Location\r\n\r\n ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-002.0/RPMS\r\n\r\n 4.2 Packages\r\n\r\n 3026e74f0dfaf25d908ccec688a314e2 webmin-0.89-11.i386.rpm\r\n\r\n 4.3 Installation\r\n\r\n rpm -Fvh webmin-0.89-11.i386.rpm\r\n\r\n 4.4 Source Package Location\r\n\r\n ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-002.0/SRPMS\r\n\r\n 4.5 Source Packages\r\n\r\n 8f747fcb86d3e0461e5a3b94e1146f0b webmin-0.89-11.src.rpm\r\n\r\n\r\n5. OpenLinux 3.1.1 Workstation\r\n\r\n 5.1 Package Location\r\n\r\n ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-002.0/RPMS\r\n\r\n 5.2 Packages\r\n\r\n 7f8f3ce6e7924dc37dda93f055673133 webmin-0.89-11.i386.rpm\r\n\r\n 5.3 Installation\r\n\r\n rpm -Fvh webmin-0.89-11.i386.rpm\r\n\r\n 5.4 Source Package Location\r\n\r\n ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-002.0/SRPMS\r\n\r\n 5.5 Source Packages\r\n\r\n 19ae473fe6f97850aa82c433f4c1067b webmin-0.89-11.src.rpm\r\n\r\n\r\n6. OpenLinux 3.1 Server\r\n\r\n 6.1 Package Location\r\n\r\n ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-002.0/RPMS\r\n\r\n 6.2 Packages\r\n\r\n 00d70a606a93cb9f2918f5fcfd2e5b06 webmin-0.89-11.i386.rpm\r\n\r\n 6.3 Installation\r\n\r\n rpm -Fvh webmin-0.89-11.i386.rpm\r\n\r\n 6.4 Source Package Location\r\n\r\n ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-002.0/SRPMS\r\n\r\n 6.5 Source Packages\r\n\r\n 77fac0e2fff9398a5f8c03d42fc069b8 webmin-0.89-11.src.rpm\r\n\r\n\r\n7. OpenLinux 3.1 Workstation\r\n\r\n 7.1 Package Location\r\n\r\n ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-002.0/RPMS\r\n\r\n 7.2 Packages\r\n\r\n 2cf9af671080810d2cb0c6e45a860755 webmin-0.89-11.i386.rpm\r\n\r\n 7.3 Installation\r\n\r\n rpm -Fvh webmin-0.89-11.i386.rpm\r\n\r\n 7.4 Source Package Location\r\n\r\n ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-002.0/SRPMS\r\n\r\n 7.5 Source Packages\r\n\r\n 1932376f68438264e54a1dee7bbd5dff webmin-0.89-11.src.rpm\r\n\r\n\r\n8. References\r\n\r\n Specific references for this advisory:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0756\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0757\r\n\r\n SCO security resources:\r\n\r\n http://www.sco.com/support/security/index.html\r\n\r\n This security fix closes SCO incidents sr863988, fz520909,\r\n erg501606.\r\n\r\n\r\n9. Disclaimer\r\n\r\n SCO is not responsible for the misuse of any of the information\r\n we provide on this website and/or through our security\r\n advisories. Our advisories are a service to our customers intended\r\n to promote secure installation and use of SCO products.\r\n\r\n\r\n10. Acknowledgements\r\n\r\n Keigo Yamazaki (LAC Co.,Ltd) discovered and researched this\r\n vulnerability.\r\n\r\n______________________________________________________________________________", "edition": 1, "modified": "2003-02-25T00:00:00", "published": "2003-02-25T00:00:00", "id": "SECURITYVULNS:DOC:4127", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:4127", "title": "Security Update: [CSSA-2003-002.0] Linux: Webmin Cross-site Scripting and Session ID Spoofing Vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-01T07:00:29", "description": "According to its self-reported version, the Webmin install hosted on\nthe remote host is 0.96 It is, therefore, affected by multiple\nvulnerabilities:\n\n - A cross site scripting vulnerability which may allow\n attackers to insert arbitrary code. (CVE-2002-0756)\n\n - An authentication bypass which may allow attackers\n to login using arbitrary credentials (CVE-2002-0757)", "edition": 23, "cvss3": {"score": 7.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2018-03-22T00:00:00", "title": "Webmin 0.96 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2002-0756", "CVE-2002-0757"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:webmin:webmin"], "id": "WEBMIN_0_96.NASL", "href": "https://www.tenable.com/plugins/nessus/108539", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108539);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\"CVE-2002-0756\", \"CVE-2002-0757\");\n\n script_name(english:\"Webmin 0.96 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Webmin.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple security vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the Webmin install hosted on\nthe remote host is 0.96 It is, therefore, affected by multiple\nvulnerabilities:\n\n - A cross site scripting vulnerability which may allow\n attackers to insert arbitrary code. (CVE-2002-0756)\n\n - An authentication bypass which may allow attackers\n to login using arbitrary credentials (CVE-2002-0757)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/bid/4700\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.webmin.com/changes.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Webmin 0.97 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2002/08/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2002/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/22\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:webmin:webmin\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"webmin.nasl\");\n script_require_keys(\"www/webmin\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 10000);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\napp = 'Webmin';\nport = get_http_port(default:10000, embedded: TRUE);\n\nget_kb_item_or_exit('www/'+port+'/webmin');\nversion = get_kb_item_or_exit('www/webmin/'+port+'/version', exit_code:1);\nsource = get_kb_item_or_exit('www/webmin/'+port+'/source', exit_code:1);\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\ndir = \"/\";\ninstall_url = build_url(port:port, qs:dir);\n\nfix = \"0.97\";\n\nif (ver_compare(ver:version, fix:\"0.96\", strict:FALSE) == 0)\n{\n report =\n '\\n URL : ' + install_url +\n '\\n Version Source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix + '\\n';\n\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:report, xss:TRUE);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}