cvelistv5 - CVE-2012-2983

CVE-2012-2983 (GCVE-0-2012-2983)

Vulnerability from cvelistv5 – Published: 2012-09-11 18:00 – Updated: 2024-08-06 19:50

Summary

file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file field.

Severity ?

No CVSS data available.

CWE

Assigner

certcc

References

URL

Tags

	http://www.americaninfosec.com/research/dossiers/…	x_refsource_MISC
	http://www.kb.cert.org/vuls/id/788478	third-party-advisoryx_refsource_CERT-VN
	http://www.securitytracker.com/id?1027507	vdb-entryx_refsource_SECTRACK
	http://americaninfosec.com/research/index.html	x_refsource_MISC
	https://github.com/webmin/webmin/commit/4cd7bad70…	x_refsource_CONFIRM
	http://www.xerox.com/download/security/security-b…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:50:05.319Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.americaninfosec.com/research/dossiers/AISG-12-002.pdf"
          },
          {
            "name": "VU#788478",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/788478"
          },
          {
            "name": "1027507",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1027507"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://americaninfosec.com/research/index.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/webmin/webmin/commit/4cd7bad70e23e4e19be8ccf7b9f245445b2b3b80"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-07-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file\u0027s unedited contents, which allows remote attackers to read arbitrary files via the file field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-04-12T09:00:00",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.americaninfosec.com/research/dossiers/AISG-12-002.pdf"
        },
        {
          "name": "VU#788478",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/788478"
        },
        {
          "name": "1027507",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1027507"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://americaninfosec.com/research/index.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/webmin/webmin/commit/4cd7bad70e23e4e19be8ccf7b9f245445b2b3b80"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2012-2983",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file\u0027s unedited contents, which allows remote attackers to read arbitrary files via the file field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.americaninfosec.com/research/dossiers/AISG-12-002.pdf",
              "refsource": "MISC",
              "url": "http://www.americaninfosec.com/research/dossiers/AISG-12-002.pdf"
            },
            {
              "name": "VU#788478",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/788478"
            },
            {
              "name": "1027507",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1027507"
            },
            {
              "name": "http://americaninfosec.com/research/index.html",
              "refsource": "MISC",
              "url": "http://americaninfosec.com/research/index.html"
            },
            {
              "name": "https://github.com/webmin/webmin/commit/4cd7bad70e23e4e19be8ccf7b9f245445b2b3b80",
              "refsource": "CONFIRM",
              "url": "https://github.com/webmin/webmin/commit/4cd7bad70e23e4e19be8ccf7b9f245445b2b3b80"
            },
            {
              "name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf",
              "refsource": "CONFIRM",
              "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2012-2983",
    "datePublished": "2012-09-11T18:00:00",
    "dateReserved": "2012-05-30T00:00:00",
    "dateUpdated": "2024-08-06T19:50:05.319Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.590\", \"matchCriteriaId\": \"3BE0D872-5567-4B52-AF86-ECEA6B3640B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.140:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"708F7A39-3D58-4E48-AE71-A4892CB742F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.150:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6FE40C73-F154-4F99-B34D-48B1D090CF9D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.160:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BE77AF8-2706-40D4-B094-ECA970F7CE4D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.170:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"365B53A4-FDEE-4D2E-A0C2-72D728F57FDA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.180:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA77B2B5-012D-450A-8BC7-E1EACCB3EC8C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.200:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"03D1DF7B-8CB8-42CC-9DDA-C5A1AD879346\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.210:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E3470725-212E-4E86-9F06-709BFE7BC99C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.220:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2376D29D-C58F-48AD-A52E-639F438D6137\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.230:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FE3A6060-A8DD-4714-95CF-B330D9F323EC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.240:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9643F753-6EAC-4054-B1EB-4BFBB4280D4E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.260:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"82396947-1347-4365-AB4F-851A702A7F9D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.270:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4D06F90-97F5-4936-8CFA-256C9941FF5C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.280:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"60E699C5-FE91-4E6A-8242-FB54D596853F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.290:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"39AC9A61-0789-4089-AAC3-C4E085ABB80D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.300:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36649A62-5287-4798-BE59-18954FB5F168\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.310:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0E196054-BE88-4381-9AE9-89951A9E814B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.320:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FCF58A8E-2DDC-4391-84F7-A2A4248DB5EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.330:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E552C43A-947C-42DD-A914-8A8D89605FDB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.340:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"390A1BA0-C32E-4B64-AF9F-FF95E9366A3E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.370:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"846C3686-82FE-4C5C-892C-7C6D28965A88\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.380:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F7289E38-D1F7-4964-9D6D-CC7845C354A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.390:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3CA5E7D8-5213-42A1-A543-DE0546250772\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.400:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F63C7945-1A73-4267-87A2-5F3380B3BC94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.410:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4BADBAF9-BC0D-4143-A2DB-5F30930D7FDF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.420:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"29DDC8F5-8AC6-4007-964C-7A035AEE23AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.430:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B0CD0CB1-1648-48BD-BF31-72545FF0C1E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.440:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BD95F393-8E6D-4041-9884-DB0E02A132C5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.450:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"38C59749-474C-4205-ADE1-509881CAC84A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.470:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9C7CB881-4DAE-4698-BC75-30187D128623\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.480:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C6725EA-FCFD-4C00-90D9-9B5B552C193B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.500:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"87C3D974-185F-47CE-9245-32CC26CC5C00\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.510:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"768351BA-C94F-4F6F-99B7-4E27C0F971C9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.520:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0B50EF46-2777-47CE-BC99-D1D5B17001FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.530:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"501F941E-609B-46B9-A2E0-B359B2DCBB15\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.550:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4ABFC5F5-CB70-4102-96F9-F0EEC9BA957F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.560:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2FA24721-BC9A-40E2-ACAB-AA2D6C26C157\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.570:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"67232DFE-C9D5-479E-8DC6-8F577D3ADBF5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.580:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8976F845-5268-47BD-A782-5B7B8492DC70\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file\u0027s unedited contents, which allows remote attackers to read arbitrary files via the file field.\"}, {\"lang\": \"es\", \"value\": \"file/edit_html.cgi en Webmin v1.590 y anteriores no realiza una comprobaci\\u00f3n de autorizaci\\u00f3n antes de mostrar el contenido de un archivo sin editar, lo que permite a atacantes remotos leer archivos de su elecci\\u00f3n a trav\\u00e9s del campo de archivo.\"}]",
      "id": "CVE-2012-2983",
      "lastModified": "2024-11-21T01:40:04.277",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2012-09-11T18:55:01.283",
      "references": "[{\"url\": \"http://americaninfosec.com/research/index.html\", \"source\": \"cret@cert.org\"}, {\"url\": \"http://www.americaninfosec.com/research/dossiers/AISG-12-002.pdf\", \"source\": \"cret@cert.org\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/788478\", \"source\": \"cret@cert.org\", \"tags\": [\"Patch\", \"US Government Resource\"]}, {\"url\": \"http://www.securitytracker.com/id?1027507\", \"source\": \"cret@cert.org\"}, {\"url\": \"http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf\", \"source\": \"cret@cert.org\"}, {\"url\": \"https://github.com/webmin/webmin/commit/4cd7bad70e23e4e19be8ccf7b9f245445b2b3b80\", \"source\": \"cret@cert.org\"}, {\"url\": \"http://americaninfosec.com/research/index.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.americaninfosec.com/research/dossiers/AISG-12-002.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/788478\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"US Government Resource\"]}, {\"url\": \"http://www.securitytracker.com/id?1027507\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/webmin/webmin/commit/4cd7bad70e23e4e19be8ccf7b9f245445b2b3b80\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cret@cert.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2012-2983\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2012-09-11T18:55:01.283\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file\u0027s unedited contents, which allows remote attackers to read arbitrary files via the file field.\"},{\"lang\":\"es\",\"value\":\"file/edit_html.cgi en Webmin v1.590 y anteriores no realiza una comprobaci\u00f3n de autorizaci\u00f3n antes de mostrar el contenido de un archivo sin editar, lo que permite a atacantes remotos leer archivos de su elecci\u00f3n a trav\u00e9s del campo de archivo.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.590\",\"matchCriteriaId\":\"3BE0D872-5567-4B52-AF86-ECEA6B3640B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.140:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"708F7A39-3D58-4E48-AE71-A4892CB742F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.150:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FE40C73-F154-4F99-B34D-48B1D090CF9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.160:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BE77AF8-2706-40D4-B094-ECA970F7CE4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.170:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"365B53A4-FDEE-4D2E-A0C2-72D728F57FDA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.180:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA77B2B5-012D-450A-8BC7-E1EACCB3EC8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.200:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03D1DF7B-8CB8-42CC-9DDA-C5A1AD879346\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.210:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3470725-212E-4E86-9F06-709BFE7BC99C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.220:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2376D29D-C58F-48AD-A52E-639F438D6137\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.230:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE3A6060-A8DD-4714-95CF-B330D9F323EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.240:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9643F753-6EAC-4054-B1EB-4BFBB4280D4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.260:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82396947-1347-4365-AB4F-851A702A7F9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.270:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4D06F90-97F5-4936-8CFA-256C9941FF5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.280:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60E699C5-FE91-4E6A-8242-FB54D596853F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.290:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39AC9A61-0789-4089-AAC3-C4E085ABB80D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.300:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36649A62-5287-4798-BE59-18954FB5F168\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.310:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E196054-BE88-4381-9AE9-89951A9E814B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.320:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCF58A8E-2DDC-4391-84F7-A2A4248DB5EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.330:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E552C43A-947C-42DD-A914-8A8D89605FDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.340:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"390A1BA0-C32E-4B64-AF9F-FF95E9366A3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.370:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"846C3686-82FE-4C5C-892C-7C6D28965A88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.380:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7289E38-D1F7-4964-9D6D-CC7845C354A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.390:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CA5E7D8-5213-42A1-A543-DE0546250772\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.400:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F63C7945-1A73-4267-87A2-5F3380B3BC94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.410:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BADBAF9-BC0D-4143-A2DB-5F30930D7FDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.420:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29DDC8F5-8AC6-4007-964C-7A035AEE23AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.430:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0CD0CB1-1648-48BD-BF31-72545FF0C1E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.440:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD95F393-8E6D-4041-9884-DB0E02A132C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.450:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38C59749-474C-4205-ADE1-509881CAC84A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.470:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C7CB881-4DAE-4698-BC75-30187D128623\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.480:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C6725EA-FCFD-4C00-90D9-9B5B552C193B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.500:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87C3D974-185F-47CE-9245-32CC26CC5C00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.510:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"768351BA-C94F-4F6F-99B7-4E27C0F971C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.520:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B50EF46-2777-47CE-BC99-D1D5B17001FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.530:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"501F941E-609B-46B9-A2E0-B359B2DCBB15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.550:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4ABFC5F5-CB70-4102-96F9-F0EEC9BA957F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.560:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FA24721-BC9A-40E2-ACAB-AA2D6C26C157\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.570:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67232DFE-C9D5-479E-8DC6-8F577D3ADBF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.580:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8976F845-5268-47BD-A782-5B7B8492DC70\"}]}]}],\"references\":[{\"url\":\"http://americaninfosec.com/research/index.html\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.americaninfosec.com/research/dossiers/AISG-12-002.pdf\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/788478\",\"source\":\"cret@cert.org\",\"tags\":[\"Patch\",\"US Government Resource\"]},{\"url\":\"http://www.securitytracker.com/id?1027507\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf\",\"source\":\"cret@cert.org\"},{\"url\":\"https://github.com/webmin/webmin/commit/4cd7bad70e23e4e19be8ccf7b9f245445b2b3b80\",\"source\":\"cret@cert.org\"},{\"url\":\"http://americaninfosec.com/research/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.americaninfosec.com/research/dossiers/AISG-12-002.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/788478\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"US Government Resource\"]},{\"url\":\"http://www.securitytracker.com/id?1027507\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/webmin/webmin/commit/4cd7bad70e23e4e19be8ccf7b9f245445b2b3b80\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-G7X5-GG6R-RHM7

Vulnerability from github – Published: 2022-05-17 05:09 – Updated: 2022-05-17 05:09

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-2983"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-09-11T18:55:00Z",
    "severity": "MODERATE"
  },
  "details": "file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file\u0027s unedited contents, which allows remote attackers to read arbitrary files via the file field.",
  "id": "GHSA-g7x5-gg6r-rhm7",
  "modified": "2022-05-17T05:09:13Z",
  "published": "2022-05-17T05:09:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2983"
    },
    {
      "type": "WEB",
      "url": "https://github.com/webmin/webmin/commit/4cd7bad70e23e4e19be8ccf7b9f245445b2b3b80"
    },
    {
      "type": "WEB",
      "url": "http://americaninfosec.com/research/index.html"
    },
    {
      "type": "WEB",
      "url": "http://www.americaninfosec.com/research/dossiers/AISG-12-002.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/788478"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1027507"
    },
    {
      "type": "WEB",
      "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2012-2983

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2012-2983

Aliases

CVE-2012-2983

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-2983",
    "description": "file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file\u0027s unedited contents, which allows remote attackers to read arbitrary files via the file field.",
    "id": "GSD-2012-2983"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-2983"
      ],
      "details": "file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file\u0027s unedited contents, which allows remote attackers to read arbitrary files via the file field.",
      "id": "GSD-2012-2983",
      "modified": "2023-12-13T01:20:16.772622Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2012-2983",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file\u0027s unedited contents, which allows remote attackers to read arbitrary files via the file field."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.americaninfosec.com/research/dossiers/AISG-12-002.pdf",
            "refsource": "MISC",
            "url": "http://www.americaninfosec.com/research/dossiers/AISG-12-002.pdf"
          },
          {
            "name": "VU#788478",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/788478"
          },
          {
            "name": "1027507",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1027507"
          },
          {
            "name": "http://americaninfosec.com/research/index.html",
            "refsource": "MISC",
            "url": "http://americaninfosec.com/research/index.html"
          },
          {
            "name": "https://github.com/webmin/webmin/commit/4cd7bad70e23e4e19be8ccf7b9f245445b2b3b80",
            "refsource": "CONFIRM",
            "url": "https://github.com/webmin/webmin/commit/4cd7bad70e23e4e19be8ccf7b9f245445b2b3b80"
          },
          {
            "name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf",
            "refsource": "CONFIRM",
            "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.590",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.580:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.500:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.480:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.400:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.390:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.290:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.280:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.200:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.570:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.550:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.470:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.450:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.380:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.370:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.270:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.260:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.170:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.160:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.180:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.520:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.510:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.420:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.410:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.310:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.300:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.220:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.210:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.560:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.530:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.440:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.430:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.340:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.330:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.320:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.240:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.230:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.150:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.140:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2012-2983"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file\u0027s unedited contents, which allows remote attackers to read arbitrary files via the file field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#788478",
              "refsource": "CERT-VN",
              "tags": [
                "Patch",
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/788478"
            },
            {
              "name": "http://www.americaninfosec.com/research/dossiers/AISG-12-002.pdf",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.americaninfosec.com/research/dossiers/AISG-12-002.pdf"
            },
            {
              "name": "https://github.com/webmin/webmin/commit/4cd7bad70e23e4e19be8ccf7b9f245445b2b3b80",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://github.com/webmin/webmin/commit/4cd7bad70e23e4e19be8ccf7b9f245445b2b3b80"
            },
            {
              "name": "http://americaninfosec.com/research/index.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://americaninfosec.com/research/index.html"
            },
            {
              "name": "1027507",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1027507"
            },
            {
              "name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2013-05-30T03:16Z",
      "publishedDate": "2012-09-11T18:55Z"
    }
  }
}

FKIE_CVE-2012-2983

Vulnerability from fkie_nvd - Published: 2012-09-11 18:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cret@cert.org	http://americaninfosec.com/research/index.html
cret@cert.org	http://www.americaninfosec.com/research/dossiers/AISG-12-002.pdf
cret@cert.org	http://www.kb.cert.org/vuls/id/788478	Patch, US Government Resource
cret@cert.org	http://www.securitytracker.com/id?1027507
cret@cert.org	http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
cret@cert.org	https://github.com/webmin/webmin/commit/4cd7bad70e23e4e19be8ccf7b9f245445b2b3b80
af854a3a-2127-422b-91ae-364da2661108	http://americaninfosec.com/research/index.html
af854a3a-2127-422b-91ae-364da2661108	http://www.americaninfosec.com/research/dossiers/AISG-12-002.pdf
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/788478	Patch, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1027507
af854a3a-2127-422b-91ae-364da2661108	http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
af854a3a-2127-422b-91ae-364da2661108	https://github.com/webmin/webmin/commit/4cd7bad70e23e4e19be8ccf7b9f245445b2b3b80

Impacted products

Vendor	Product	Version
gentoo	webmin	*
gentoo	webmin	1.140
gentoo	webmin	1.150
gentoo	webmin	1.160
gentoo	webmin	1.170
gentoo	webmin	1.180
gentoo	webmin	1.200
gentoo	webmin	1.210
gentoo	webmin	1.220
gentoo	webmin	1.230
gentoo	webmin	1.240
gentoo	webmin	1.260
gentoo	webmin	1.270
gentoo	webmin	1.280
gentoo	webmin	1.290
gentoo	webmin	1.300
gentoo	webmin	1.310
gentoo	webmin	1.320
gentoo	webmin	1.330
gentoo	webmin	1.340
gentoo	webmin	1.370
gentoo	webmin	1.380
gentoo	webmin	1.390
gentoo	webmin	1.400
gentoo	webmin	1.410
gentoo	webmin	1.420
gentoo	webmin	1.430
gentoo	webmin	1.440
gentoo	webmin	1.450
gentoo	webmin	1.470
gentoo	webmin	1.480
gentoo	webmin	1.500
gentoo	webmin	1.510
gentoo	webmin	1.520
gentoo	webmin	1.530
gentoo	webmin	1.550
gentoo	webmin	1.560
gentoo	webmin	1.570
gentoo	webmin	1.580

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BE0D872-5567-4B52-AF86-ECEA6B3640B4",
              "versionEndIncluding": "1.590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.140:*:*:*:*:*:*:*",
              "matchCriteriaId": "708F7A39-3D58-4E48-AE71-A4892CB742F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.150:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FE40C73-F154-4F99-B34D-48B1D090CF9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.160:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BE77AF8-2706-40D4-B094-ECA970F7CE4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.170:*:*:*:*:*:*:*",
              "matchCriteriaId": "365B53A4-FDEE-4D2E-A0C2-72D728F57FDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.180:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA77B2B5-012D-450A-8BC7-E1EACCB3EC8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.200:*:*:*:*:*:*:*",
              "matchCriteriaId": "03D1DF7B-8CB8-42CC-9DDA-C5A1AD879346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.210:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3470725-212E-4E86-9F06-709BFE7BC99C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.220:*:*:*:*:*:*:*",
              "matchCriteriaId": "2376D29D-C58F-48AD-A52E-639F438D6137",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.230:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE3A6060-A8DD-4714-95CF-B330D9F323EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.240:*:*:*:*:*:*:*",
              "matchCriteriaId": "9643F753-6EAC-4054-B1EB-4BFBB4280D4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.260:*:*:*:*:*:*:*",
              "matchCriteriaId": "82396947-1347-4365-AB4F-851A702A7F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.270:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4D06F90-97F5-4936-8CFA-256C9941FF5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.280:*:*:*:*:*:*:*",
              "matchCriteriaId": "60E699C5-FE91-4E6A-8242-FB54D596853F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.290:*:*:*:*:*:*:*",
              "matchCriteriaId": "39AC9A61-0789-4089-AAC3-C4E085ABB80D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.300:*:*:*:*:*:*:*",
              "matchCriteriaId": "36649A62-5287-4798-BE59-18954FB5F168",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.310:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E196054-BE88-4381-9AE9-89951A9E814B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.320:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCF58A8E-2DDC-4391-84F7-A2A4248DB5EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.330:*:*:*:*:*:*:*",
              "matchCriteriaId": "E552C43A-947C-42DD-A914-8A8D89605FDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.340:*:*:*:*:*:*:*",
              "matchCriteriaId": "390A1BA0-C32E-4B64-AF9F-FF95E9366A3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.370:*:*:*:*:*:*:*",
              "matchCriteriaId": "846C3686-82FE-4C5C-892C-7C6D28965A88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.380:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7289E38-D1F7-4964-9D6D-CC7845C354A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.390:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CA5E7D8-5213-42A1-A543-DE0546250772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.400:*:*:*:*:*:*:*",
              "matchCriteriaId": "F63C7945-1A73-4267-87A2-5F3380B3BC94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.410:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BADBAF9-BC0D-4143-A2DB-5F30930D7FDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.420:*:*:*:*:*:*:*",
              "matchCriteriaId": "29DDC8F5-8AC6-4007-964C-7A035AEE23AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.430:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0CD0CB1-1648-48BD-BF31-72545FF0C1E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.440:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD95F393-8E6D-4041-9884-DB0E02A132C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.450:*:*:*:*:*:*:*",
              "matchCriteriaId": "38C59749-474C-4205-ADE1-509881CAC84A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.470:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C7CB881-4DAE-4698-BC75-30187D128623",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.480:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C6725EA-FCFD-4C00-90D9-9B5B552C193B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.500:*:*:*:*:*:*:*",
              "matchCriteriaId": "87C3D974-185F-47CE-9245-32CC26CC5C00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.510:*:*:*:*:*:*:*",
              "matchCriteriaId": "768351BA-C94F-4F6F-99B7-4E27C0F971C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.520:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B50EF46-2777-47CE-BC99-D1D5B17001FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.530:*:*:*:*:*:*:*",
              "matchCriteriaId": "501F941E-609B-46B9-A2E0-B359B2DCBB15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.550:*:*:*:*:*:*:*",
              "matchCriteriaId": "4ABFC5F5-CB70-4102-96F9-F0EEC9BA957F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.560:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FA24721-BC9A-40E2-ACAB-AA2D6C26C157",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.570:*:*:*:*:*:*:*",
              "matchCriteriaId": "67232DFE-C9D5-479E-8DC6-8F577D3ADBF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.580:*:*:*:*:*:*:*",
              "matchCriteriaId": "8976F845-5268-47BD-A782-5B7B8492DC70",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file\u0027s unedited contents, which allows remote attackers to read arbitrary files via the file field."
    },
    {
      "lang": "es",
      "value": "file/edit_html.cgi en Webmin v1.590 y anteriores no realiza una comprobaci\u00f3n de autorizaci\u00f3n antes de mostrar el contenido de un archivo sin editar, lo que permite a atacantes remotos leer archivos de su elecci\u00f3n a trav\u00e9s del campo de archivo."
    }
  ],
  "id": "CVE-2012-2983",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-09-11T18:55:01.283",
  "references": [
    {
      "source": "cret@cert.org",
      "url": "http://americaninfosec.com/research/index.html"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.americaninfosec.com/research/dossiers/AISG-12-002.pdf"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/788478"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.securitytracker.com/id?1027507"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
    },
    {
      "source": "cret@cert.org",
      "url": "https://github.com/webmin/webmin/commit/4cd7bad70e23e4e19be8ccf7b9f245445b2b3b80"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://americaninfosec.com/research/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.americaninfosec.com/research/dossiers/AISG-12-002.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/788478"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1027507"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/webmin/webmin/commit/4cd7bad70e23e4e19be8ccf7b9f245445b2b3b80"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2013-AVI-166

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Xerox FreeFlow Print Server. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Versions antérieures à Xerox FreeFlow Print Server 8.0_SP-3 (82.C5.24.86)

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Xerox du 26 février 2013

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eVersions ant\u00e9rieures \u00e0 Xerox FreeFlow Print Server 8.0_SP-3  (82.C5.24.86)\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-4339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4339"
    },
    {
      "name": "CVE-2012-5166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5166"
    },
    {
      "name": "CVE-2012-1973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1973"
    },
    {
      "name": "CVE-2012-0769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0769"
    },
    {
      "name": "CVE-2012-3974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3974"
    },
    {
      "name": "CVE-2012-3159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3159"
    },
    {
      "name": "CVE-2012-3962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3962"
    },
    {
      "name": "CVE-2012-2983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2983"
    },
    {
      "name": "CVE-2012-1533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1533"
    },
    {
      "name": "CVE-2012-1531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1531"
    },
    {
      "name": "CVE-2012-0768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0768"
    },
    {
      "name": "CVE-2012-3216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3216"
    },
    {
      "name": "CVE-2012-3967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3967"
    },
    {
      "name": "CVE-2012-3966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3966"
    },
    {
      "name": "CVE-2012-5081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5081"
    },
    {
      "name": "CVE-2012-1972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1972"
    },
    {
      "name": "CVE-2012-3976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3976"
    },
    {
      "name": "CVE-2012-1975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1975"
    },
    {
      "name": "CVE-2012-5083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5083"
    },
    {
      "name": "CVE-2012-3957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3957"
    },
    {
      "name": "CVE-2012-2687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2687"
    },
    {
      "name": "CVE-2012-3970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3970"
    },
    {
      "name": "CVE-2012-3978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3978"
    },
    {
      "name": "CVE-2012-5077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5077"
    },
    {
      "name": "CVE-2012-5072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5072"
    },
    {
      "name": "CVE-2012-0725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0725"
    },
    {
      "name": "CVE-2012-2982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2982"
    },
    {
      "name": "CVE-2012-5079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5079"
    },
    {
      "name": "CVE-2012-5075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5075"
    },
    {
      "name": "CVE-2012-0569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0569"
    },
    {
      "name": "CVE-2012-5071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5071"
    },
    {
      "name": "CVE-2012-5086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5086"
    },
    {
      "name": "CVE-2006-4514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4514"
    },
    {
      "name": "CVE-2012-3959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3959"
    },
    {
      "name": "CVE-2012-3980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3980"
    },
    {
      "name": "CVE-2012-0773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0773"
    },
    {
      "name": "CVE-2012-1960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1960"
    },
    {
      "name": "CVE-2012-4245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4245"
    },
    {
      "name": "CVE-2011-3102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3102"
    },
    {
      "name": "CVE-2012-1971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1971"
    },
    {
      "name": "CVE-2012-3963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3963"
    },
    {
      "name": "CVE-2012-0724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0724"
    },
    {
      "name": "CVE-2012-5073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5073"
    },
    {
      "name": "CVE-2012-3961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3961"
    },
    {
      "name": "CVE-2012-3972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3972"
    },
    {
      "name": "CVE-2011-2964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2964"
    },
    {
      "name": "CVE-2012-5084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5084"
    },
    {
      "name": "CVE-2013-0415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0415"
    },
    {
      "name": "CVE-2011-2697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2697"
    },
    {
      "name": "CVE-2013-0399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0399"
    },
    {
      "name": "CVE-2012-0772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0772"
    },
    {
      "name": "CVE-2012-5089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5089"
    },
    {
      "name": "CVE-2012-2981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2981"
    },
    {
      "name": "CVE-2012-3143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3143"
    },
    {
      "name": "CVE-2012-3968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3968"
    },
    {
      "name": "CVE-2012-1974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1974"
    },
    {
      "name": "CVE-2012-1976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1976"
    },
    {
      "name": "CVE-2012-0841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
    },
    {
      "name": "CVE-2012-3964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3964"
    },
    {
      "name": "CVE-2012-5069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5069"
    },
    {
      "name": "CVE-2012-5068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5068"
    },
    {
      "name": "CVE-2012-4416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4416"
    },
    {
      "name": "CVE-2012-3960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3960"
    },
    {
      "name": "CVE-2012-3969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3969"
    },
    {
      "name": "CVE-2008-6536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-6536"
    },
    {
      "name": "CVE-2012-5085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5085"
    },
    {
      "name": "CVE-2013-0400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0400"
    },
    {
      "name": "CVE-2012-1532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1532"
    },
    {
      "name": "CVE-2012-1970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1970"
    },
    {
      "name": "CVE-2012-0883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0883"
    },
    {
      "name": "CVE-2012-3958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3958"
    },
    {
      "name": "CVE-2012-3956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3956"
    },
    {
      "name": "CVE-2013-0407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0407"
    },
    {
      "name": "CVE-2012-3401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3401"
    }
  ],
  "links": [],
  "reference": "CERTA-2013-AVI-166",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-03-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eXerox FreeFlow Print Server\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Xerox FreeFlow Print Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xerox du 26 f\u00e9vrier 2013",
      "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
    }
  ]
}

CERTA-2013-AVI-166

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Xerox FreeFlow Print Server. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Versions antérieures à Xerox FreeFlow Print Server 8.0_SP-3 (82.C5.24.86)

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Xerox du 26 février 2013

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eVersions ant\u00e9rieures \u00e0 Xerox FreeFlow Print Server 8.0_SP-3  (82.C5.24.86)\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-4339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4339"
    },
    {
      "name": "CVE-2012-5166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5166"
    },
    {
      "name": "CVE-2012-1973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1973"
    },
    {
      "name": "CVE-2012-0769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0769"
    },
    {
      "name": "CVE-2012-3974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3974"
    },
    {
      "name": "CVE-2012-3159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3159"
    },
    {
      "name": "CVE-2012-3962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3962"
    },
    {
      "name": "CVE-2012-2983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2983"
    },
    {
      "name": "CVE-2012-1533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1533"
    },
    {
      "name": "CVE-2012-1531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1531"
    },
    {
      "name": "CVE-2012-0768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0768"
    },
    {
      "name": "CVE-2012-3216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3216"
    },
    {
      "name": "CVE-2012-3967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3967"
    },
    {
      "name": "CVE-2012-3966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3966"
    },
    {
      "name": "CVE-2012-5081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5081"
    },
    {
      "name": "CVE-2012-1972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1972"
    },
    {
      "name": "CVE-2012-3976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3976"
    },
    {
      "name": "CVE-2012-1975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1975"
    },
    {
      "name": "CVE-2012-5083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5083"
    },
    {
      "name": "CVE-2012-3957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3957"
    },
    {
      "name": "CVE-2012-2687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2687"
    },
    {
      "name": "CVE-2012-3970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3970"
    },
    {
      "name": "CVE-2012-3978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3978"
    },
    {
      "name": "CVE-2012-5077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5077"
    },
    {
      "name": "CVE-2012-5072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5072"
    },
    {
      "name": "CVE-2012-0725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0725"
    },
    {
      "name": "CVE-2012-2982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2982"
    },
    {
      "name": "CVE-2012-5079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5079"
    },
    {
      "name": "CVE-2012-5075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5075"
    },
    {
      "name": "CVE-2012-0569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0569"
    },
    {
      "name": "CVE-2012-5071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5071"
    },
    {
      "name": "CVE-2012-5086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5086"
    },
    {
      "name": "CVE-2006-4514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4514"
    },
    {
      "name": "CVE-2012-3959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3959"
    },
    {
      "name": "CVE-2012-3980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3980"
    },
    {
      "name": "CVE-2012-0773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0773"
    },
    {
      "name": "CVE-2012-1960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1960"
    },
    {
      "name": "CVE-2012-4245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4245"
    },
    {
      "name": "CVE-2011-3102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3102"
    },
    {
      "name": "CVE-2012-1971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1971"
    },
    {
      "name": "CVE-2012-3963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3963"
    },
    {
      "name": "CVE-2012-0724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0724"
    },
    {
      "name": "CVE-2012-5073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5073"
    },
    {
      "name": "CVE-2012-3961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3961"
    },
    {
      "name": "CVE-2012-3972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3972"
    },
    {
      "name": "CVE-2011-2964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2964"
    },
    {
      "name": "CVE-2012-5084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5084"
    },
    {
      "name": "CVE-2013-0415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0415"
    },
    {
      "name": "CVE-2011-2697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2697"
    },
    {
      "name": "CVE-2013-0399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0399"
    },
    {
      "name": "CVE-2012-0772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0772"
    },
    {
      "name": "CVE-2012-5089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5089"
    },
    {
      "name": "CVE-2012-2981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2981"
    },
    {
      "name": "CVE-2012-3143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3143"
    },
    {
      "name": "CVE-2012-3968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3968"
    },
    {
      "name": "CVE-2012-1974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1974"
    },
    {
      "name": "CVE-2012-1976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1976"
    },
    {
      "name": "CVE-2012-0841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
    },
    {
      "name": "CVE-2012-3964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3964"
    },
    {
      "name": "CVE-2012-5069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5069"
    },
    {
      "name": "CVE-2012-5068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5068"
    },
    {
      "name": "CVE-2012-4416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4416"
    },
    {
      "name": "CVE-2012-3960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3960"
    },
    {
      "name": "CVE-2012-3969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3969"
    },
    {
      "name": "CVE-2008-6536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-6536"
    },
    {
      "name": "CVE-2012-5085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5085"
    },
    {
      "name": "CVE-2013-0400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0400"
    },
    {
      "name": "CVE-2012-1532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1532"
    },
    {
      "name": "CVE-2012-1970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1970"
    },
    {
      "name": "CVE-2012-0883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0883"
    },
    {
      "name": "CVE-2012-3958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3958"
    },
    {
      "name": "CVE-2012-3956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3956"
    },
    {
      "name": "CVE-2013-0407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0407"
    },
    {
      "name": "CVE-2012-3401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3401"
    }
  ],
  "links": [],
  "reference": "CERTA-2013-AVI-166",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-03-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eXerox FreeFlow Print Server\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Xerox FreeFlow Print Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xerox du 26 f\u00e9vrier 2013",
      "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2012-2983 (GCVE-0-2012-2983)

GHSA-G7X5-GG6R-RHM7

GSD-2012-2983

FKIE_CVE-2012-2983

CERTA-2013-AVI-166

Solution

CERTA-2013-AVI-166

Solution

Tags

Sightings

Nomenclature