FKIE_CVE-2006-3274

Vulnerability from fkie_nvd - Published: 2006-06-28 22:05 - Updated: 2025-04-03 01:03
Severity ?
Summary
Directory traversal vulnerability in Webmin before 1.280, when run on Windows, allows remote attackers to read arbitrary files via \ (backslash) characters in the URL to certain directories under the web root, such as the image directory.
References
cve@mitre.orghttp://jvn.jp/jp/JVN%2367974490/index.html
cve@mitre.orghttp://secunia.com/advisories/20777Vendor Advisory
cve@mitre.orghttp://securityreason.com/securityalert/1161
cve@mitre.orghttp://securitytracker.com/id?1016375
cve@mitre.orghttp://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/88_e.html
cve@mitre.orghttp://www.securityfocus.com/archive/1/438149/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/18613
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/2493
cve@mitre.orghttp://www.webmin.com/changes.html
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/27366
af854a3a-2127-422b-91ae-364da2661108http://jvn.jp/jp/JVN%2367974490/index.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/20777Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/1161
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1016375
af854a3a-2127-422b-91ae-364da2661108http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/88_e.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/438149/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/18613
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/2493
af854a3a-2127-422b-91ae-364da2661108http://www.webmin.com/changes.html
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/27366
Impacted products
Vendor Product Version
webmin webmin *
webmin webmin 1.2.30
webmin webmin 1.2.40
webmin webmin 1.2.50
webmin webmin 1.2.60
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "72A55881-A6A1-47F7-BEE5-E27981B2FE36",
              "versionEndIncluding": "1.2.70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.2.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD941A62-A41E-41CB-80C0-8B780AC39FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.2.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "786287DD-2565-4931-BBA0-2CACD7671352",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.2.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "4784DC04-D2C5-46C6-831F-23D69B4B0513",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.2.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C219DAB-C13C-4232-8B98-2D7A9ED16E30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in Webmin before 1.280, when run on Windows, allows remote attackers to read arbitrary files via \\ (backslash) characters in the URL to certain directories under the web root, such as the image directory."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en versiones de Webmin anteriores a la v1.280, cuando se ejecuta en Windows, permite a atacantes remotos leer ficheros arbitrarios a trav\u00e9s del car\u00e1cter \\ (barra invertida) en la URL a determinados directorios bajo la ra\u00edz Web, tales como el directorio de imagenes."
    }
  ],
  "evaluatorSolution": "Update to version 1.280.",
  "id": "CVE-2006-3274",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-06-28T22:05:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://jvn.jp/jp/JVN%2367974490/index.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20777"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/1161"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016375"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/88_e.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/438149/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/18613"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/2493"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.webmin.com/changes.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27366"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvn.jp/jp/JVN%2367974490/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20777"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/1161"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016375"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/88_e.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/438149/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/18613"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/2493"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.webmin.com/changes.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27366"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.