1. CVE-Search
  2. CVE-2003-0101
ID CVE-2003-0101
Summary miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges.
References
Vulnerable Configurations
  • cpe:2.3:a:engardelinux:guardian_digital_webtool:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:engardelinux:guardian_digital_webtool:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:0.4:*:*:*:*:*:*:*
    cpe:2.3:a:usermin:usermin:0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:0.5:*:*:*:*:*:*:*
    cpe:2.3:a:usermin:usermin:0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:0.6:*:*:*:*:*:*:*
    cpe:2.3:a:usermin:usermin:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:0.7:*:*:*:*:*:*:*
    cpe:2.3:a:usermin:usermin:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:0.8:*:*:*:*:*:*:*
    cpe:2.3:a:usermin:usermin:0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:0.9:*:*:*:*:*:*:*
    cpe:2.3:a:usermin:usermin:0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:0.91:*:*:*:*:*:*:*
    cpe:2.3:a:usermin:usermin:0.91:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:0.92:*:*:*:*:*:*:*
    cpe:2.3:a:usermin:usermin:0.92:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:0.93:*:*:*:*:*:*:*
    cpe:2.3:a:usermin:usermin:0.93:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:0.94:*:*:*:*:*:*:*
    cpe:2.3:a:usermin:usermin:0.94:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:0.95:*:*:*:*:*:*:*
    cpe:2.3:a:usermin:usermin:0.95:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:0.96:*:*:*:*:*:*:*
    cpe:2.3:a:usermin:usermin:0.96:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:0.97:*:*:*:*:*:*:*
    cpe:2.3:a:usermin:usermin:0.97:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:0.98:*:*:*:*:*:*:*
    cpe:2.3:a:usermin:usermin:0.98:*:*:*:*:*:*:*
  • cpe:2.3:a:usermin:usermin:0.99:*:*:*:*:*:*:*
    cpe:2.3:a:usermin:usermin:0.99:*:*:*:*:*:*:*
  • cpe:2.3:a:webmin:webmin:1.0.50:*:*:*:*:*:*:*
    cpe:2.3:a:webmin:webmin:1.0.50:*:*:*:*:*:*:*
  • cpe:2.3:a:webmin:webmin:1.0.60:*:*:*:*:*:*:*
    cpe:2.3:a:webmin:webmin:1.0.60:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 18-10-2016 - 02:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 6915
bugtraq
  • 20030224 GLSA: usermin (200302-14)
  • 20030224 Webmin 1.050 - 1.060 remote exploit
  • 20030224 [SNS Advisory No.62] Webmin/Usermin Session ID Spoofing Vulnerability "Episode 2"
ciac N-058
confirm
debian DSA-319
engarde ESA-20030225-006
hp HPSBUX0303-250
mandrake MDKSA-2003:025
misc http://www.lac.co.jp/security/english/snsadv_e/62_e.html
sectrack 1006160
secunia
  • 8115
  • 8163
sgi 20030602-01-I
xf webmin-usermin-root-access(11390)
Last major update 18-10-2016 - 02:29
Published 03-03-2003 - 05:00
Last modified 18-10-2016 - 02:29
Back to Top