FKIE_CVE-2012-2981

Vulnerability from fkie_nvd - Published: 2012-09-11 18:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary Perl code via a crafted file associated with the type (aka monitor type name) parameter.
References
cret@cert.orghttp://americaninfosec.com/research/index.html
cret@cert.orghttp://www.americaninfosec.com/research/dossiers/AISG-12-000.pdf
cret@cert.orghttp://www.kb.cert.org/vuls/id/788478Patch, US Government Resource
cret@cert.orghttp://www.securitytracker.com/id?1027507
cret@cert.orghttp://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
cret@cert.orghttps://github.com/webmin/webmin/commit/ed7365064c189b8f136a9f952062249167d1bd9ePatch
af854a3a-2127-422b-91ae-364da2661108http://americaninfosec.com/research/index.html
af854a3a-2127-422b-91ae-364da2661108http://www.americaninfosec.com/research/dossiers/AISG-12-000.pdf
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/788478Patch, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1027507
af854a3a-2127-422b-91ae-364da2661108http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
af854a3a-2127-422b-91ae-364da2661108https://github.com/webmin/webmin/commit/ed7365064c189b8f136a9f952062249167d1bd9ePatch
Impacted products
Vendor Product Version
gentoo webmin *
gentoo webmin 1.140
gentoo webmin 1.150
gentoo webmin 1.160
gentoo webmin 1.170
gentoo webmin 1.180
gentoo webmin 1.200
gentoo webmin 1.210
gentoo webmin 1.220
gentoo webmin 1.230
gentoo webmin 1.240
gentoo webmin 1.260
gentoo webmin 1.270
gentoo webmin 1.280
gentoo webmin 1.290
gentoo webmin 1.300
gentoo webmin 1.310
gentoo webmin 1.320
gentoo webmin 1.330
gentoo webmin 1.340
gentoo webmin 1.370
gentoo webmin 1.380
gentoo webmin 1.390
gentoo webmin 1.400
gentoo webmin 1.410
gentoo webmin 1.420
gentoo webmin 1.430
gentoo webmin 1.440
gentoo webmin 1.450
gentoo webmin 1.470
gentoo webmin 1.480
gentoo webmin 1.500
gentoo webmin 1.510
gentoo webmin 1.520
gentoo webmin 1.530
gentoo webmin 1.550
gentoo webmin 1.560
gentoo webmin 1.570
gentoo webmin 1.580
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BE0D872-5567-4B52-AF86-ECEA6B3640B4",
              "versionEndIncluding": "1.590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.140:*:*:*:*:*:*:*",
              "matchCriteriaId": "708F7A39-3D58-4E48-AE71-A4892CB742F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.150:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FE40C73-F154-4F99-B34D-48B1D090CF9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.160:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BE77AF8-2706-40D4-B094-ECA970F7CE4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.170:*:*:*:*:*:*:*",
              "matchCriteriaId": "365B53A4-FDEE-4D2E-A0C2-72D728F57FDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.180:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA77B2B5-012D-450A-8BC7-E1EACCB3EC8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.200:*:*:*:*:*:*:*",
              "matchCriteriaId": "03D1DF7B-8CB8-42CC-9DDA-C5A1AD879346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.210:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3470725-212E-4E86-9F06-709BFE7BC99C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.220:*:*:*:*:*:*:*",
              "matchCriteriaId": "2376D29D-C58F-48AD-A52E-639F438D6137",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.230:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE3A6060-A8DD-4714-95CF-B330D9F323EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.240:*:*:*:*:*:*:*",
              "matchCriteriaId": "9643F753-6EAC-4054-B1EB-4BFBB4280D4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.260:*:*:*:*:*:*:*",
              "matchCriteriaId": "82396947-1347-4365-AB4F-851A702A7F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.270:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4D06F90-97F5-4936-8CFA-256C9941FF5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.280:*:*:*:*:*:*:*",
              "matchCriteriaId": "60E699C5-FE91-4E6A-8242-FB54D596853F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.290:*:*:*:*:*:*:*",
              "matchCriteriaId": "39AC9A61-0789-4089-AAC3-C4E085ABB80D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.300:*:*:*:*:*:*:*",
              "matchCriteriaId": "36649A62-5287-4798-BE59-18954FB5F168",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.310:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E196054-BE88-4381-9AE9-89951A9E814B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.320:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCF58A8E-2DDC-4391-84F7-A2A4248DB5EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.330:*:*:*:*:*:*:*",
              "matchCriteriaId": "E552C43A-947C-42DD-A914-8A8D89605FDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.340:*:*:*:*:*:*:*",
              "matchCriteriaId": "390A1BA0-C32E-4B64-AF9F-FF95E9366A3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.370:*:*:*:*:*:*:*",
              "matchCriteriaId": "846C3686-82FE-4C5C-892C-7C6D28965A88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.380:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7289E38-D1F7-4964-9D6D-CC7845C354A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.390:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CA5E7D8-5213-42A1-A543-DE0546250772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.400:*:*:*:*:*:*:*",
              "matchCriteriaId": "F63C7945-1A73-4267-87A2-5F3380B3BC94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.410:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BADBAF9-BC0D-4143-A2DB-5F30930D7FDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.420:*:*:*:*:*:*:*",
              "matchCriteriaId": "29DDC8F5-8AC6-4007-964C-7A035AEE23AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.430:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0CD0CB1-1648-48BD-BF31-72545FF0C1E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.440:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD95F393-8E6D-4041-9884-DB0E02A132C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.450:*:*:*:*:*:*:*",
              "matchCriteriaId": "38C59749-474C-4205-ADE1-509881CAC84A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.470:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C7CB881-4DAE-4698-BC75-30187D128623",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.480:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C6725EA-FCFD-4C00-90D9-9B5B552C193B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.500:*:*:*:*:*:*:*",
              "matchCriteriaId": "87C3D974-185F-47CE-9245-32CC26CC5C00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.510:*:*:*:*:*:*:*",
              "matchCriteriaId": "768351BA-C94F-4F6F-99B7-4E27C0F971C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.520:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B50EF46-2777-47CE-BC99-D1D5B17001FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.530:*:*:*:*:*:*:*",
              "matchCriteriaId": "501F941E-609B-46B9-A2E0-B359B2DCBB15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.550:*:*:*:*:*:*:*",
              "matchCriteriaId": "4ABFC5F5-CB70-4102-96F9-F0EEC9BA957F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.560:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FA24721-BC9A-40E2-ACAB-AA2D6C26C157",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.570:*:*:*:*:*:*:*",
              "matchCriteriaId": "67232DFE-C9D5-479E-8DC6-8F577D3ADBF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.580:*:*:*:*:*:*:*",
              "matchCriteriaId": "8976F845-5268-47BD-A782-5B7B8492DC70",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary Perl code via a crafted file associated with the type (aka monitor type name) parameter."
    },
    {
      "lang": "es",
      "value": "Webmin v1.590 y anteriores permite a usuarios remotos autenticados ejecutar cualquier c\u00f3digo Perl de su elecci\u00f3n a trav\u00e9s de un archivo (creado para tal fin) asociado con el par\u00e1metro \u0027type\u0027(tambi\u00e9n conocido como \u0027monitor type name\u0027).\r\n"
    }
  ],
  "id": "CVE-2012-2981",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-09-11T18:55:01.160",
  "references": [
    {
      "source": "cret@cert.org",
      "url": "http://americaninfosec.com/research/index.html"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.americaninfosec.com/research/dossiers/AISG-12-000.pdf"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/788478"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.securitytracker.com/id?1027507"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/webmin/webmin/commit/ed7365064c189b8f136a9f952062249167d1bd9e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://americaninfosec.com/research/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.americaninfosec.com/research/dossiers/AISG-12-000.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/788478"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1027507"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/webmin/webmin/commit/ed7365064c189b8f136a9f952062249167d1bd9e"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.