Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1673

Overview

Vulnerability Score 3.6 3.6
CVE Id CVE-2002-1673
Last Modified 05 Sep 2008 04:31:13
Published 31 Dec 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2002-1673

Summary

The web interface for Webmin 0.92 does not properly quote or filter script code in files that are displayed to the interface, which allows local users to execute script and possibly steal cookies by inserting the script into certain files or fields, such as a real user name entry in the passwd file.

Vulnerable Systems

Application

  • Webmin 0.1

  • Webmin 0.2

  • Webmin 0.21

  • Webmin 0.22

  • Webmin 0.3

  • Webmin 0.31

  • Webmin 0.4

  • Webmin 0.41

  • Webmin 0.42

  • Webmin 0.5

  • Webmin 0.51

  • Webmin 0.6

  • Webmin 0.7

  • Webmin 0.76

  • Webmin 0.77

  • Webmin 0.78

  • Webmin 0.79

  • Webmin 0.80

  • Webmin 0.83

  • Webmin 0.84

  • Webmin 0.85

  • Webmin 0.88

  • Webmin 0.91

  • Webmin 0.92

  • Webmin 0.92.1


References

XF - webmin-functions-execute-code(8596)

BID - 4329


Last Updated: 27 May 2016 10:37:26