JVNDB-2006-000939
|
Multiple vulnerabilities in Webmin and Usermin
|
Webmin and Usermin, web-based system management tools, contain the following vulnerabilities:
- Execution of arbitrary files and viewing source code by bypassing Webmin and Usermin's access restrictions
- Cross-site scripting
We are aware that these vulnerabilities have been addressed in Webmin development version 1.297 and Usermin development version 1.226, as of August 31, 2006. Please refer to "Development Versions of Webmin and Usermin" on the vendor's website for information on the latest versions of the software.
|
CVSS V2 Severity: Base Metrics 6.8 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial
|
|
Webmin Project
- Usermin Version 1.220 and earlier
- Webmin Version 1.290 and earlier
MIRACLE LINUX CORPORATION
- Asianux Server 2.0
- Asianux Server 2.1
|
|
A remote attacker could do the following:
- Steal Webmin and Usermin's configuration information
- Execute an arbitrary script on the user's web browser
- Possibly conduct a session hijacking attack if session information from a cookie is leaked
|
|
Webmin Project
MIRACLE LINUX CORPORATION
|
|
- CVE-2006-4542
|
- JVN : JVN#99776858
- National Vulnerability Database (NVD) : CVE-2006-4542
- Secunia Advisory : SA21690
- Secunia Advisory : SA22114
- SecurityFocus : 19820
- ISS X-Force Database : 28699
- SecurityTracker : 1016776
- SecurityTracker : 1016777
- FrSIRT Advisories : FrSIRT/ADV-2006-3424
|
- [2008/05/21]
Web page published
|