Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2012-2983

file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file field.

Published

2012-09-11T18:55:01.283

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-287

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gentoo	webmin	≤ 1.590	Yes
Application	gentoo	webmin	1.140	Yes
Application	gentoo	webmin	1.150	Yes
Application	gentoo	webmin	1.160	Yes
Application	gentoo	webmin	1.170	Yes
Application	gentoo	webmin	1.180	Yes
Application	gentoo	webmin	1.200	Yes
Application	gentoo	webmin	1.210	Yes
Application	gentoo	webmin	1.220	Yes
Application	gentoo	webmin	1.230	Yes
Application	gentoo	webmin	1.240	Yes
Application	gentoo	webmin	1.260	Yes
Application	gentoo	webmin	1.270	Yes
Application	gentoo	webmin	1.280	Yes
Application	gentoo	webmin	1.290	Yes
Application	gentoo	webmin	1.300	Yes
Application	gentoo	webmin	1.310	Yes
Application	gentoo	webmin	1.320	Yes
Application	gentoo	webmin	1.330	Yes
Application	gentoo	webmin	1.340	Yes
Application	gentoo	webmin	1.370	Yes
Application	gentoo	webmin	1.380	Yes
Application	gentoo	webmin	1.390	Yes
Application	gentoo	webmin	1.400	Yes
Application	gentoo	webmin	1.410	Yes
Application	gentoo	webmin	1.420	Yes
Application	gentoo	webmin	1.430	Yes
Application	gentoo	webmin	1.440	Yes
Application	gentoo	webmin	1.450	Yes
Application	gentoo	webmin	1.470	Yes
Application	gentoo	webmin	1.480	Yes
Application	gentoo	webmin	1.500	Yes
Application	gentoo	webmin	1.510	Yes
Application	gentoo	webmin	1.520	Yes
Application	gentoo	webmin	1.530	Yes
Application	gentoo	webmin	1.550	Yes
Application	gentoo	webmin	1.560	Yes
Application	gentoo	webmin	1.570	Yes
Application	gentoo	webmin	1.580	Yes

References

http://americaninfosec.com/research/index.html ([email protected])
http://www.americaninfosec.com/research/dossiers/AISG-12-002.pdf ([email protected])
http://www.kb.cert.org/vuls/id/788478 Patch, US Government Resource ([email protected])
http://www.securitytracker.com/id?1027507 ([email protected])
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf ([email protected])
https://github.com/webmin/webmin/commit/4cd7bad70e23e4e19be8ccf7b9f245445b2b3b80 ([email protected])
http://americaninfosec.com/research/index.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.americaninfosec.com/research/dossiers/AISG-12-002.pdf (af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/788478 Patch, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1027507 (af854a3a-2127-422b-91ae-364da2661108)
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/webmin/webmin/commit/4cd7bad70e23e4e19be8ccf7b9f245445b2b3b80 (af854a3a-2127-422b-91ae-364da2661108)