Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3274

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-3274
Last Modified 07 Mar 2011 09:38:14
Published 28 Jun 2006 06:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3274

Summary

Directory traversal vulnerability in Webmin before 1.280, when run on Windows, allows remote attackers to read arbitrary files via \ (backslash) characters in the URL to certain directories under the web root, such as the image directory.

Vulnerable Systems

Application

  • Webmin 1.2.30

  • Webmin 1.2.40

  • Webmin 1.2.50

  • Webmin 1.2.60

  • Webmin 1.2.70


References

CONFIRM - http://www.webmin.com/changes.html

VUPEN - ADV-2006-2493

BID - 18613

BUGTRAQ - 20060623 [SNS Advisory No.88] Webmin Directory Traversal Vulnerability

MISC - http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/88_e.html

SECTRACK - 1016375

SECUNIA - 20777

JVN - JVN#67974490

XF - webmin-backslash-directory-traversal(27366)

SREASON - 1161


Last Updated: 27 May 2016 10:42:57