cvelistv5 - cve-2012-2982

CVE-2012-2982 (GCVE-0-2012-2982)

Vulnerability from cvelistv5 – Published: 2012-09-11 18:00 – Updated: 2024-08-06 19:50

Summary

file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character.

Severity ?

No CVSS data available.

CWE

Assigner

certcc

References

URL

Tags

	http://www.americaninfosec.com/research/dossiers/…	x_refsource_MISC
	http://www.kb.cert.org/vuls/id/788478	third-party-advisoryx_refsource_CERT-VN
	https://github.com/webmin/webmin/commit/1f1411fe7…	x_refsource_CONFIRM
	http://www.securitytracker.com/id?1027507	vdb-entryx_refsource_SECTRACK
	http://americaninfosec.com/research/index.html	x_refsource_MISC
	http://www.xerox.com/download/security/security-b…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:50:05.315Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf"
          },
          {
            "name": "VU#788478",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/788478"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/webmin/webmin/commit/1f1411fe7404ec3ac03e803cfa7e01515e71a213"
          },
          {
            "name": "1027507",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1027507"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://americaninfosec.com/research/index.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-07-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-04-12T09:00:00",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf"
        },
        {
          "name": "VU#788478",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/788478"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/webmin/webmin/commit/1f1411fe7404ec3ac03e803cfa7e01515e71a213"
        },
        {
          "name": "1027507",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1027507"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://americaninfosec.com/research/index.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2012-2982",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf",
              "refsource": "MISC",
              "url": "http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf"
            },
            {
              "name": "VU#788478",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/788478"
            },
            {
              "name": "https://github.com/webmin/webmin/commit/1f1411fe7404ec3ac03e803cfa7e01515e71a213",
              "refsource": "CONFIRM",
              "url": "https://github.com/webmin/webmin/commit/1f1411fe7404ec3ac03e803cfa7e01515e71a213"
            },
            {
              "name": "1027507",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1027507"
            },
            {
              "name": "http://americaninfosec.com/research/index.html",
              "refsource": "MISC",
              "url": "http://americaninfosec.com/research/index.html"
            },
            {
              "name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf",
              "refsource": "CONFIRM",
              "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2012-2982",
    "datePublished": "2012-09-11T18:00:00",
    "dateReserved": "2012-05-30T00:00:00",
    "dateUpdated": "2024-08-06T19:50:05.315Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.590\", \"matchCriteriaId\": \"3BE0D872-5567-4B52-AF86-ECEA6B3640B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.140:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"708F7A39-3D58-4E48-AE71-A4892CB742F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.150:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6FE40C73-F154-4F99-B34D-48B1D090CF9D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.160:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BE77AF8-2706-40D4-B094-ECA970F7CE4D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.170:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"365B53A4-FDEE-4D2E-A0C2-72D728F57FDA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.180:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA77B2B5-012D-450A-8BC7-E1EACCB3EC8C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.200:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"03D1DF7B-8CB8-42CC-9DDA-C5A1AD879346\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.210:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E3470725-212E-4E86-9F06-709BFE7BC99C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.220:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2376D29D-C58F-48AD-A52E-639F438D6137\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.230:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FE3A6060-A8DD-4714-95CF-B330D9F323EC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.240:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9643F753-6EAC-4054-B1EB-4BFBB4280D4E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.260:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"82396947-1347-4365-AB4F-851A702A7F9D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.270:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4D06F90-97F5-4936-8CFA-256C9941FF5C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.280:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"60E699C5-FE91-4E6A-8242-FB54D596853F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.290:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"39AC9A61-0789-4089-AAC3-C4E085ABB80D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.300:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36649A62-5287-4798-BE59-18954FB5F168\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.310:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0E196054-BE88-4381-9AE9-89951A9E814B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.320:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FCF58A8E-2DDC-4391-84F7-A2A4248DB5EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.330:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E552C43A-947C-42DD-A914-8A8D89605FDB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.340:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"390A1BA0-C32E-4B64-AF9F-FF95E9366A3E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.370:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"846C3686-82FE-4C5C-892C-7C6D28965A88\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.380:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F7289E38-D1F7-4964-9D6D-CC7845C354A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.390:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3CA5E7D8-5213-42A1-A543-DE0546250772\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.400:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F63C7945-1A73-4267-87A2-5F3380B3BC94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.410:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4BADBAF9-BC0D-4143-A2DB-5F30930D7FDF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.420:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"29DDC8F5-8AC6-4007-964C-7A035AEE23AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.430:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B0CD0CB1-1648-48BD-BF31-72545FF0C1E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.440:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BD95F393-8E6D-4041-9884-DB0E02A132C5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.450:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"38C59749-474C-4205-ADE1-509881CAC84A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.470:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9C7CB881-4DAE-4698-BC75-30187D128623\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.480:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C6725EA-FCFD-4C00-90D9-9B5B552C193B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.500:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"87C3D974-185F-47CE-9245-32CC26CC5C00\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.510:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"768351BA-C94F-4F6F-99B7-4E27C0F971C9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.520:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0B50EF46-2777-47CE-BC99-D1D5B17001FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.530:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"501F941E-609B-46B9-A2E0-B359B2DCBB15\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.550:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4ABFC5F5-CB70-4102-96F9-F0EEC9BA957F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.560:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2FA24721-BC9A-40E2-ACAB-AA2D6C26C157\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.570:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"67232DFE-C9D5-479E-8DC6-8F577D3ADBF5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gentoo:webmin:1.580:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8976F845-5268-47BD-A782-5B7B8492DC70\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character.\"}, {\"lang\": \"es\", \"value\": \"file/show.cgi en Webmin v1.590 y anteriores permite a usuarios remotos autenticados ejecutar c\\u00f3digo arbitrario a trav\\u00e9s de un car\\u00e1cter no v\\u00e1lido en un nombre de ruta, como se demostr\\u00f3 con | (pipe).\"}]",
      "id": "CVE-2012-2982",
      "lastModified": "2024-11-21T01:40:04.150",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2012-09-11T18:55:01.237",
      "references": "[{\"url\": \"http://americaninfosec.com/research/index.html\", \"source\": \"cret@cert.org\"}, {\"url\": \"http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf\", \"source\": \"cret@cert.org\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/788478\", \"source\": \"cret@cert.org\", \"tags\": [\"Patch\", \"US Government Resource\"]}, {\"url\": \"http://www.securitytracker.com/id?1027507\", \"source\": \"cret@cert.org\"}, {\"url\": \"http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf\", \"source\": \"cret@cert.org\"}, {\"url\": \"https://github.com/webmin/webmin/commit/1f1411fe7404ec3ac03e803cfa7e01515e71a213\", \"source\": \"cret@cert.org\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"http://americaninfosec.com/research/index.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/788478\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"US Government Resource\"]}, {\"url\": \"http://www.securitytracker.com/id?1027507\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/webmin/webmin/commit/1f1411fe7404ec3ac03e803cfa7e01515e71a213\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\"]}]",
      "sourceIdentifier": "cret@cert.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2012-2982\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2012-09-11T18:55:01.237\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character.\"},{\"lang\":\"es\",\"value\":\"file/show.cgi en Webmin v1.590 y anteriores permite a usuarios remotos autenticados ejecutar c\u00f3digo arbitrario a trav\u00e9s de un car\u00e1cter no v\u00e1lido en un nombre de ruta, como se demostr\u00f3 con | (pipe).\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.590\",\"matchCriteriaId\":\"3BE0D872-5567-4B52-AF86-ECEA6B3640B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.140:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"708F7A39-3D58-4E48-AE71-A4892CB742F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.150:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FE40C73-F154-4F99-B34D-48B1D090CF9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.160:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BE77AF8-2706-40D4-B094-ECA970F7CE4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.170:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"365B53A4-FDEE-4D2E-A0C2-72D728F57FDA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.180:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA77B2B5-012D-450A-8BC7-E1EACCB3EC8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.200:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03D1DF7B-8CB8-42CC-9DDA-C5A1AD879346\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.210:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3470725-212E-4E86-9F06-709BFE7BC99C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.220:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2376D29D-C58F-48AD-A52E-639F438D6137\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.230:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE3A6060-A8DD-4714-95CF-B330D9F323EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.240:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9643F753-6EAC-4054-B1EB-4BFBB4280D4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.260:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82396947-1347-4365-AB4F-851A702A7F9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.270:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4D06F90-97F5-4936-8CFA-256C9941FF5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.280:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60E699C5-FE91-4E6A-8242-FB54D596853F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.290:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39AC9A61-0789-4089-AAC3-C4E085ABB80D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.300:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36649A62-5287-4798-BE59-18954FB5F168\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.310:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E196054-BE88-4381-9AE9-89951A9E814B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.320:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCF58A8E-2DDC-4391-84F7-A2A4248DB5EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.330:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E552C43A-947C-42DD-A914-8A8D89605FDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.340:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"390A1BA0-C32E-4B64-AF9F-FF95E9366A3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.370:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"846C3686-82FE-4C5C-892C-7C6D28965A88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.380:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7289E38-D1F7-4964-9D6D-CC7845C354A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.390:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CA5E7D8-5213-42A1-A543-DE0546250772\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.400:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F63C7945-1A73-4267-87A2-5F3380B3BC94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.410:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BADBAF9-BC0D-4143-A2DB-5F30930D7FDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.420:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29DDC8F5-8AC6-4007-964C-7A035AEE23AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.430:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0CD0CB1-1648-48BD-BF31-72545FF0C1E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.440:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD95F393-8E6D-4041-9884-DB0E02A132C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.450:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38C59749-474C-4205-ADE1-509881CAC84A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.470:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C7CB881-4DAE-4698-BC75-30187D128623\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.480:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C6725EA-FCFD-4C00-90D9-9B5B552C193B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.500:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87C3D974-185F-47CE-9245-32CC26CC5C00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.510:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"768351BA-C94F-4F6F-99B7-4E27C0F971C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.520:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B50EF46-2777-47CE-BC99-D1D5B17001FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.530:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"501F941E-609B-46B9-A2E0-B359B2DCBB15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.550:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4ABFC5F5-CB70-4102-96F9-F0EEC9BA957F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.560:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FA24721-BC9A-40E2-ACAB-AA2D6C26C157\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.570:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67232DFE-C9D5-479E-8DC6-8F577D3ADBF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gentoo:webmin:1.580:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8976F845-5268-47BD-A782-5B7B8492DC70\"}]}]}],\"references\":[{\"url\":\"http://americaninfosec.com/research/index.html\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/788478\",\"source\":\"cret@cert.org\",\"tags\":[\"Patch\",\"US Government Resource\"]},{\"url\":\"http://www.securitytracker.com/id?1027507\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf\",\"source\":\"cret@cert.org\"},{\"url\":\"https://github.com/webmin/webmin/commit/1f1411fe7404ec3ac03e803cfa7e01515e71a213\",\"source\":\"cret@cert.org\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://americaninfosec.com/research/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/788478\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"US Government Resource\"]},{\"url\":\"http://www.securitytracker.com/id?1027507\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/webmin/webmin/commit/1f1411fe7404ec3ac03e803cfa7e01515e71a213\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\"]}]}}"
  }
}

FKIE_CVE-2012-2982

Vulnerability from fkie_nvd - Published: 2012-09-11 18:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character.

References

URL	Tags
cret@cert.org	http://americaninfosec.com/research/index.html
cret@cert.org	http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf
cret@cert.org	http://www.kb.cert.org/vuls/id/788478	Patch, US Government Resource
cret@cert.org	http://www.securitytracker.com/id?1027507
cret@cert.org	http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
cret@cert.org	https://github.com/webmin/webmin/commit/1f1411fe7404ec3ac03e803cfa7e01515e71a213	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://americaninfosec.com/research/index.html
af854a3a-2127-422b-91ae-364da2661108	http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/788478	Patch, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1027507
af854a3a-2127-422b-91ae-364da2661108	http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
af854a3a-2127-422b-91ae-364da2661108	https://github.com/webmin/webmin/commit/1f1411fe7404ec3ac03e803cfa7e01515e71a213	Exploit, Patch

Impacted products

Vendor	Product	Version
gentoo	webmin	*
gentoo	webmin	1.140
gentoo	webmin	1.150
gentoo	webmin	1.160
gentoo	webmin	1.170
gentoo	webmin	1.180
gentoo	webmin	1.200
gentoo	webmin	1.210
gentoo	webmin	1.220
gentoo	webmin	1.230
gentoo	webmin	1.240
gentoo	webmin	1.260
gentoo	webmin	1.270
gentoo	webmin	1.280
gentoo	webmin	1.290
gentoo	webmin	1.300
gentoo	webmin	1.310
gentoo	webmin	1.320
gentoo	webmin	1.330
gentoo	webmin	1.340
gentoo	webmin	1.370
gentoo	webmin	1.380
gentoo	webmin	1.390
gentoo	webmin	1.400
gentoo	webmin	1.410
gentoo	webmin	1.420
gentoo	webmin	1.430
gentoo	webmin	1.440
gentoo	webmin	1.450
gentoo	webmin	1.470
gentoo	webmin	1.480
gentoo	webmin	1.500
gentoo	webmin	1.510
gentoo	webmin	1.520
gentoo	webmin	1.530
gentoo	webmin	1.550
gentoo	webmin	1.560
gentoo	webmin	1.570
gentoo	webmin	1.580

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BE0D872-5567-4B52-AF86-ECEA6B3640B4",
              "versionEndIncluding": "1.590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.140:*:*:*:*:*:*:*",
              "matchCriteriaId": "708F7A39-3D58-4E48-AE71-A4892CB742F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.150:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FE40C73-F154-4F99-B34D-48B1D090CF9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.160:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BE77AF8-2706-40D4-B094-ECA970F7CE4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.170:*:*:*:*:*:*:*",
              "matchCriteriaId": "365B53A4-FDEE-4D2E-A0C2-72D728F57FDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.180:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA77B2B5-012D-450A-8BC7-E1EACCB3EC8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.200:*:*:*:*:*:*:*",
              "matchCriteriaId": "03D1DF7B-8CB8-42CC-9DDA-C5A1AD879346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.210:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3470725-212E-4E86-9F06-709BFE7BC99C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.220:*:*:*:*:*:*:*",
              "matchCriteriaId": "2376D29D-C58F-48AD-A52E-639F438D6137",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.230:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE3A6060-A8DD-4714-95CF-B330D9F323EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.240:*:*:*:*:*:*:*",
              "matchCriteriaId": "9643F753-6EAC-4054-B1EB-4BFBB4280D4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.260:*:*:*:*:*:*:*",
              "matchCriteriaId": "82396947-1347-4365-AB4F-851A702A7F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.270:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4D06F90-97F5-4936-8CFA-256C9941FF5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.280:*:*:*:*:*:*:*",
              "matchCriteriaId": "60E699C5-FE91-4E6A-8242-FB54D596853F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.290:*:*:*:*:*:*:*",
              "matchCriteriaId": "39AC9A61-0789-4089-AAC3-C4E085ABB80D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.300:*:*:*:*:*:*:*",
              "matchCriteriaId": "36649A62-5287-4798-BE59-18954FB5F168",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.310:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E196054-BE88-4381-9AE9-89951A9E814B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.320:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCF58A8E-2DDC-4391-84F7-A2A4248DB5EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.330:*:*:*:*:*:*:*",
              "matchCriteriaId": "E552C43A-947C-42DD-A914-8A8D89605FDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.340:*:*:*:*:*:*:*",
              "matchCriteriaId": "390A1BA0-C32E-4B64-AF9F-FF95E9366A3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.370:*:*:*:*:*:*:*",
              "matchCriteriaId": "846C3686-82FE-4C5C-892C-7C6D28965A88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.380:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7289E38-D1F7-4964-9D6D-CC7845C354A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.390:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CA5E7D8-5213-42A1-A543-DE0546250772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.400:*:*:*:*:*:*:*",
              "matchCriteriaId": "F63C7945-1A73-4267-87A2-5F3380B3BC94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.410:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BADBAF9-BC0D-4143-A2DB-5F30930D7FDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.420:*:*:*:*:*:*:*",
              "matchCriteriaId": "29DDC8F5-8AC6-4007-964C-7A035AEE23AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.430:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0CD0CB1-1648-48BD-BF31-72545FF0C1E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.440:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD95F393-8E6D-4041-9884-DB0E02A132C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.450:*:*:*:*:*:*:*",
              "matchCriteriaId": "38C59749-474C-4205-ADE1-509881CAC84A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.470:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C7CB881-4DAE-4698-BC75-30187D128623",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.480:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C6725EA-FCFD-4C00-90D9-9B5B552C193B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.500:*:*:*:*:*:*:*",
              "matchCriteriaId": "87C3D974-185F-47CE-9245-32CC26CC5C00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.510:*:*:*:*:*:*:*",
              "matchCriteriaId": "768351BA-C94F-4F6F-99B7-4E27C0F971C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.520:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B50EF46-2777-47CE-BC99-D1D5B17001FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.530:*:*:*:*:*:*:*",
              "matchCriteriaId": "501F941E-609B-46B9-A2E0-B359B2DCBB15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.550:*:*:*:*:*:*:*",
              "matchCriteriaId": "4ABFC5F5-CB70-4102-96F9-F0EEC9BA957F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.560:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FA24721-BC9A-40E2-ACAB-AA2D6C26C157",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.570:*:*:*:*:*:*:*",
              "matchCriteriaId": "67232DFE-C9D5-479E-8DC6-8F577D3ADBF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.580:*:*:*:*:*:*:*",
              "matchCriteriaId": "8976F845-5268-47BD-A782-5B7B8492DC70",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character."
    },
    {
      "lang": "es",
      "value": "file/show.cgi en Webmin v1.590 y anteriores permite a usuarios remotos autenticados ejecutar c\u00f3digo arbitrario a trav\u00e9s de un car\u00e1cter no v\u00e1lido en un nombre de ruta, como se demostr\u00f3 con | (pipe)."
    }
  ],
  "id": "CVE-2012-2982",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-09-11T18:55:01.237",
  "references": [
    {
      "source": "cret@cert.org",
      "url": "http://americaninfosec.com/research/index.html"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/788478"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.securitytracker.com/id?1027507"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://github.com/webmin/webmin/commit/1f1411fe7404ec3ac03e803cfa7e01515e71a213"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://americaninfosec.com/research/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/788478"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1027507"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://github.com/webmin/webmin/commit/1f1411fe7404ec3ac03e803cfa7e01515e71a213"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-VPGR-2W9J-94M5

Vulnerability from github – Published: 2022-05-17 05:09 – Updated: 2022-05-17 05:09

Details

file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-2982"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-09-11T18:55:00Z",
    "severity": "MODERATE"
  },
  "details": "file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character.",
  "id": "GHSA-vpgr-2w9j-94m5",
  "modified": "2022-05-17T05:09:14Z",
  "published": "2022-05-17T05:09:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2982"
    },
    {
      "type": "WEB",
      "url": "https://github.com/webmin/webmin/commit/1f1411fe7404ec3ac03e803cfa7e01515e71a213"
    },
    {
      "type": "WEB",
      "url": "http://americaninfosec.com/research/index.html"
    },
    {
      "type": "WEB",
      "url": "http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/788478"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1027507"
    },
    {
      "type": "WEB",
      "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2013-AVI-166

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Xerox FreeFlow Print Server. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Versions antérieures à Xerox FreeFlow Print Server 8.0_SP-3 (82.C5.24.86)

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Xerox du 26 février 2013

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eVersions ant\u00e9rieures \u00e0 Xerox FreeFlow Print Server 8.0_SP-3  (82.C5.24.86)\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-4339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4339"
    },
    {
      "name": "CVE-2012-5166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5166"
    },
    {
      "name": "CVE-2012-1973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1973"
    },
    {
      "name": "CVE-2012-0769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0769"
    },
    {
      "name": "CVE-2012-3974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3974"
    },
    {
      "name": "CVE-2012-3159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3159"
    },
    {
      "name": "CVE-2012-3962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3962"
    },
    {
      "name": "CVE-2012-2983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2983"
    },
    {
      "name": "CVE-2012-1533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1533"
    },
    {
      "name": "CVE-2012-1531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1531"
    },
    {
      "name": "CVE-2012-0768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0768"
    },
    {
      "name": "CVE-2012-3216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3216"
    },
    {
      "name": "CVE-2012-3967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3967"
    },
    {
      "name": "CVE-2012-3966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3966"
    },
    {
      "name": "CVE-2012-5081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5081"
    },
    {
      "name": "CVE-2012-1972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1972"
    },
    {
      "name": "CVE-2012-3976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3976"
    },
    {
      "name": "CVE-2012-1975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1975"
    },
    {
      "name": "CVE-2012-5083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5083"
    },
    {
      "name": "CVE-2012-3957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3957"
    },
    {
      "name": "CVE-2012-2687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2687"
    },
    {
      "name": "CVE-2012-3970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3970"
    },
    {
      "name": "CVE-2012-3978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3978"
    },
    {
      "name": "CVE-2012-5077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5077"
    },
    {
      "name": "CVE-2012-5072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5072"
    },
    {
      "name": "CVE-2012-0725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0725"
    },
    {
      "name": "CVE-2012-2982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2982"
    },
    {
      "name": "CVE-2012-5079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5079"
    },
    {
      "name": "CVE-2012-5075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5075"
    },
    {
      "name": "CVE-2012-0569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0569"
    },
    {
      "name": "CVE-2012-5071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5071"
    },
    {
      "name": "CVE-2012-5086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5086"
    },
    {
      "name": "CVE-2006-4514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4514"
    },
    {
      "name": "CVE-2012-3959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3959"
    },
    {
      "name": "CVE-2012-3980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3980"
    },
    {
      "name": "CVE-2012-0773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0773"
    },
    {
      "name": "CVE-2012-1960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1960"
    },
    {
      "name": "CVE-2012-4245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4245"
    },
    {
      "name": "CVE-2011-3102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3102"
    },
    {
      "name": "CVE-2012-1971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1971"
    },
    {
      "name": "CVE-2012-3963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3963"
    },
    {
      "name": "CVE-2012-0724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0724"
    },
    {
      "name": "CVE-2012-5073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5073"
    },
    {
      "name": "CVE-2012-3961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3961"
    },
    {
      "name": "CVE-2012-3972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3972"
    },
    {
      "name": "CVE-2011-2964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2964"
    },
    {
      "name": "CVE-2012-5084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5084"
    },
    {
      "name": "CVE-2013-0415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0415"
    },
    {
      "name": "CVE-2011-2697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2697"
    },
    {
      "name": "CVE-2013-0399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0399"
    },
    {
      "name": "CVE-2012-0772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0772"
    },
    {
      "name": "CVE-2012-5089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5089"
    },
    {
      "name": "CVE-2012-2981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2981"
    },
    {
      "name": "CVE-2012-3143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3143"
    },
    {
      "name": "CVE-2012-3968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3968"
    },
    {
      "name": "CVE-2012-1974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1974"
    },
    {
      "name": "CVE-2012-1976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1976"
    },
    {
      "name": "CVE-2012-0841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
    },
    {
      "name": "CVE-2012-3964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3964"
    },
    {
      "name": "CVE-2012-5069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5069"
    },
    {
      "name": "CVE-2012-5068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5068"
    },
    {
      "name": "CVE-2012-4416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4416"
    },
    {
      "name": "CVE-2012-3960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3960"
    },
    {
      "name": "CVE-2012-3969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3969"
    },
    {
      "name": "CVE-2008-6536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-6536"
    },
    {
      "name": "CVE-2012-5085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5085"
    },
    {
      "name": "CVE-2013-0400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0400"
    },
    {
      "name": "CVE-2012-1532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1532"
    },
    {
      "name": "CVE-2012-1970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1970"
    },
    {
      "name": "CVE-2012-0883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0883"
    },
    {
      "name": "CVE-2012-3958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3958"
    },
    {
      "name": "CVE-2012-3956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3956"
    },
    {
      "name": "CVE-2013-0407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0407"
    },
    {
      "name": "CVE-2012-3401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3401"
    }
  ],
  "links": [],
  "reference": "CERTA-2013-AVI-166",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-03-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eXerox FreeFlow Print Server\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Xerox FreeFlow Print Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xerox du 26 f\u00e9vrier 2013",
      "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
    }
  ]
}

CERTA-2013-AVI-166

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Xerox FreeFlow Print Server. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Versions antérieures à Xerox FreeFlow Print Server 8.0_SP-3 (82.C5.24.86)

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Xerox du 26 février 2013

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eVersions ant\u00e9rieures \u00e0 Xerox FreeFlow Print Server 8.0_SP-3  (82.C5.24.86)\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-4339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4339"
    },
    {
      "name": "CVE-2012-5166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5166"
    },
    {
      "name": "CVE-2012-1973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1973"
    },
    {
      "name": "CVE-2012-0769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0769"
    },
    {
      "name": "CVE-2012-3974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3974"
    },
    {
      "name": "CVE-2012-3159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3159"
    },
    {
      "name": "CVE-2012-3962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3962"
    },
    {
      "name": "CVE-2012-2983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2983"
    },
    {
      "name": "CVE-2012-1533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1533"
    },
    {
      "name": "CVE-2012-1531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1531"
    },
    {
      "name": "CVE-2012-0768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0768"
    },
    {
      "name": "CVE-2012-3216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3216"
    },
    {
      "name": "CVE-2012-3967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3967"
    },
    {
      "name": "CVE-2012-3966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3966"
    },
    {
      "name": "CVE-2012-5081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5081"
    },
    {
      "name": "CVE-2012-1972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1972"
    },
    {
      "name": "CVE-2012-3976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3976"
    },
    {
      "name": "CVE-2012-1975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1975"
    },
    {
      "name": "CVE-2012-5083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5083"
    },
    {
      "name": "CVE-2012-3957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3957"
    },
    {
      "name": "CVE-2012-2687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2687"
    },
    {
      "name": "CVE-2012-3970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3970"
    },
    {
      "name": "CVE-2012-3978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3978"
    },
    {
      "name": "CVE-2012-5077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5077"
    },
    {
      "name": "CVE-2012-5072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5072"
    },
    {
      "name": "CVE-2012-0725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0725"
    },
    {
      "name": "CVE-2012-2982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2982"
    },
    {
      "name": "CVE-2012-5079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5079"
    },
    {
      "name": "CVE-2012-5075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5075"
    },
    {
      "name": "CVE-2012-0569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0569"
    },
    {
      "name": "CVE-2012-5071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5071"
    },
    {
      "name": "CVE-2012-5086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5086"
    },
    {
      "name": "CVE-2006-4514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4514"
    },
    {
      "name": "CVE-2012-3959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3959"
    },
    {
      "name": "CVE-2012-3980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3980"
    },
    {
      "name": "CVE-2012-0773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0773"
    },
    {
      "name": "CVE-2012-1960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1960"
    },
    {
      "name": "CVE-2012-4245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4245"
    },
    {
      "name": "CVE-2011-3102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3102"
    },
    {
      "name": "CVE-2012-1971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1971"
    },
    {
      "name": "CVE-2012-3963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3963"
    },
    {
      "name": "CVE-2012-0724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0724"
    },
    {
      "name": "CVE-2012-5073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5073"
    },
    {
      "name": "CVE-2012-3961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3961"
    },
    {
      "name": "CVE-2012-3972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3972"
    },
    {
      "name": "CVE-2011-2964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2964"
    },
    {
      "name": "CVE-2012-5084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5084"
    },
    {
      "name": "CVE-2013-0415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0415"
    },
    {
      "name": "CVE-2011-2697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2697"
    },
    {
      "name": "CVE-2013-0399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0399"
    },
    {
      "name": "CVE-2012-0772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0772"
    },
    {
      "name": "CVE-2012-5089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5089"
    },
    {
      "name": "CVE-2012-2981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2981"
    },
    {
      "name": "CVE-2012-3143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3143"
    },
    {
      "name": "CVE-2012-3968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3968"
    },
    {
      "name": "CVE-2012-1974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1974"
    },
    {
      "name": "CVE-2012-1976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1976"
    },
    {
      "name": "CVE-2012-0841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
    },
    {
      "name": "CVE-2012-3964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3964"
    },
    {
      "name": "CVE-2012-5069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5069"
    },
    {
      "name": "CVE-2012-5068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5068"
    },
    {
      "name": "CVE-2012-4416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4416"
    },
    {
      "name": "CVE-2012-3960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3960"
    },
    {
      "name": "CVE-2012-3969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3969"
    },
    {
      "name": "CVE-2008-6536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-6536"
    },
    {
      "name": "CVE-2012-5085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5085"
    },
    {
      "name": "CVE-2013-0400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0400"
    },
    {
      "name": "CVE-2012-1532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1532"
    },
    {
      "name": "CVE-2012-1970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1970"
    },
    {
      "name": "CVE-2012-0883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0883"
    },
    {
      "name": "CVE-2012-3958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3958"
    },
    {
      "name": "CVE-2012-3956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3956"
    },
    {
      "name": "CVE-2013-0407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0407"
    },
    {
      "name": "CVE-2012-3401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3401"
    }
  ],
  "links": [],
  "reference": "CERTA-2013-AVI-166",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-03-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eXerox FreeFlow Print Server\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Xerox FreeFlow Print Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xerox du 26 f\u00e9vrier 2013",
      "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
    }
  ]
}

GSD-2012-2982

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character.

Aliases

CVE-2012-2982

Aliases

CVE-2012-2982

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-2982",
    "description": "file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character.",
    "id": "GSD-2012-2982",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2012-2982"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-2982"
      ],
      "details": "file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character.",
      "id": "GSD-2012-2982",
      "modified": "2023-12-13T01:20:15.983237Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2012-2982",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf",
            "refsource": "MISC",
            "url": "http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf"
          },
          {
            "name": "VU#788478",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/788478"
          },
          {
            "name": "https://github.com/webmin/webmin/commit/1f1411fe7404ec3ac03e803cfa7e01515e71a213",
            "refsource": "CONFIRM",
            "url": "https://github.com/webmin/webmin/commit/1f1411fe7404ec3ac03e803cfa7e01515e71a213"
          },
          {
            "name": "1027507",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1027507"
          },
          {
            "name": "http://americaninfosec.com/research/index.html",
            "refsource": "MISC",
            "url": "http://americaninfosec.com/research/index.html"
          },
          {
            "name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf",
            "refsource": "CONFIRM",
            "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.520:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.510:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.420:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.410:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.400:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.310:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.300:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.220:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.210:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.590",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.580:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.500:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.480:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.390:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.380:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.290:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.280:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.200:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.180:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.560:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.530:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.440:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.430:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.330:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.320:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.240:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.230:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.150:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.140:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.570:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.550:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.470:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.450:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.370:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.340:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.270:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.260:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.170:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gentoo:webmin:1.160:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2012-2982"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/webmin/webmin/commit/1f1411fe7404ec3ac03e803cfa7e01515e71a213",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "https://github.com/webmin/webmin/commit/1f1411fe7404ec3ac03e803cfa7e01515e71a213"
            },
            {
              "name": "http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf"
            },
            {
              "name": "VU#788478",
              "refsource": "CERT-VN",
              "tags": [
                "Patch",
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/788478"
            },
            {
              "name": "http://americaninfosec.com/research/index.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://americaninfosec.com/research/index.html"
            },
            {
              "name": "1027507",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1027507"
            },
            {
              "name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2013-05-30T03:16Z",
      "publishedDate": "2012-09-11T18:55Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2012-2982 (GCVE-0-2012-2982)

FKIE_CVE-2012-2982

GHSA-VPGR-2W9J-94M5

CERTA-2013-AVI-166

Solution

CERTA-2013-AVI-166

Solution

GSD-2012-2982

Tags

Sightings

Nomenclature