JVNDB-2006-000938

Webmin directory traversal vulnerability

Overview

Webmin is a web-based system management tool.
Webmin contains a directory traversal vulnerability that allows an attacker to bypass authentication.

As of June 30, 2006, patched versions of the module addressing this vulnerability are available from the vendor for all OS platforms. This vulnerability was originally reported as an issue specific to the Windows platform. The vendor has announced that the vulnerability affects the product on all OS platforms.

CVSS Severity

CVSS V2 Severity:
Base Metrics 5.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None

Affected Products

Webmin Project
  • Usermin 1.210 and earlier
  • Webmin 1.280 and earlier

Impact

A remote attacker could view files on the computer without authentication. Private information could be leaked as a result.

Solution

Vendor Information

Webmin Project

CWE

CVE

  1. CVE-2006-3274

References

  1. JVN : JVN#67974490
  2. National Vulnerability Database (NVD) : CVE-2006-3274
  3. Secunia Advisory : SA20777
  4. SecurityFocus : 18613
  5. ISS X-Force Database : 27366
  6. SecurityTracker : 1016375
  7. FrSIRT Advisories : FrSIRT/ADV-2006-2493

Revision History

  • [2008/05/21]
      Web page published