FKIE_CVE-2012-4893

Vulnerability from fkie_nvd - Published: 2012-09-11 19:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in file/show.cgi in Webmin 1.590 and earlier allow remote attackers to hijack the authentication of privileged users for requests that (1) read files or execute (2) tar, (3) zip, or (4) gzip commands, a different issue than CVE-2012-2982.
References
cve@mitre.orghttp://americaninfosec.com/research/index.html
cve@mitre.orghttp://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf
cve@mitre.orghttp://www.kb.cert.org/vuls/id/788478US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://americaninfosec.com/research/index.html
af854a3a-2127-422b-91ae-364da2661108http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/788478US Government Resource
Impacted products
Vendor Product Version
gentoo webmin *
gentoo webmin 1.140
gentoo webmin 1.150
gentoo webmin 1.160
gentoo webmin 1.170
gentoo webmin 1.180
gentoo webmin 1.200
gentoo webmin 1.210
gentoo webmin 1.220
gentoo webmin 1.230
gentoo webmin 1.240
gentoo webmin 1.260
gentoo webmin 1.270
gentoo webmin 1.280
gentoo webmin 1.290
gentoo webmin 1.300
gentoo webmin 1.310
gentoo webmin 1.320
gentoo webmin 1.330
gentoo webmin 1.340
gentoo webmin 1.370
gentoo webmin 1.380
gentoo webmin 1.390
gentoo webmin 1.400
gentoo webmin 1.410
gentoo webmin 1.420
gentoo webmin 1.430
gentoo webmin 1.440
gentoo webmin 1.450
gentoo webmin 1.470
gentoo webmin 1.480
gentoo webmin 1.500
gentoo webmin 1.510
gentoo webmin 1.520
gentoo webmin 1.530
gentoo webmin 1.550
gentoo webmin 1.560
gentoo webmin 1.570
gentoo webmin 1.580
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BE0D872-5567-4B52-AF86-ECEA6B3640B4",
              "versionEndIncluding": "1.590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.140:*:*:*:*:*:*:*",
              "matchCriteriaId": "708F7A39-3D58-4E48-AE71-A4892CB742F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.150:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FE40C73-F154-4F99-B34D-48B1D090CF9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.160:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BE77AF8-2706-40D4-B094-ECA970F7CE4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.170:*:*:*:*:*:*:*",
              "matchCriteriaId": "365B53A4-FDEE-4D2E-A0C2-72D728F57FDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.180:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA77B2B5-012D-450A-8BC7-E1EACCB3EC8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.200:*:*:*:*:*:*:*",
              "matchCriteriaId": "03D1DF7B-8CB8-42CC-9DDA-C5A1AD879346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.210:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3470725-212E-4E86-9F06-709BFE7BC99C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.220:*:*:*:*:*:*:*",
              "matchCriteriaId": "2376D29D-C58F-48AD-A52E-639F438D6137",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.230:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE3A6060-A8DD-4714-95CF-B330D9F323EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.240:*:*:*:*:*:*:*",
              "matchCriteriaId": "9643F753-6EAC-4054-B1EB-4BFBB4280D4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.260:*:*:*:*:*:*:*",
              "matchCriteriaId": "82396947-1347-4365-AB4F-851A702A7F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.270:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4D06F90-97F5-4936-8CFA-256C9941FF5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.280:*:*:*:*:*:*:*",
              "matchCriteriaId": "60E699C5-FE91-4E6A-8242-FB54D596853F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.290:*:*:*:*:*:*:*",
              "matchCriteriaId": "39AC9A61-0789-4089-AAC3-C4E085ABB80D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.300:*:*:*:*:*:*:*",
              "matchCriteriaId": "36649A62-5287-4798-BE59-18954FB5F168",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.310:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E196054-BE88-4381-9AE9-89951A9E814B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.320:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCF58A8E-2DDC-4391-84F7-A2A4248DB5EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.330:*:*:*:*:*:*:*",
              "matchCriteriaId": "E552C43A-947C-42DD-A914-8A8D89605FDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.340:*:*:*:*:*:*:*",
              "matchCriteriaId": "390A1BA0-C32E-4B64-AF9F-FF95E9366A3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.370:*:*:*:*:*:*:*",
              "matchCriteriaId": "846C3686-82FE-4C5C-892C-7C6D28965A88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.380:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7289E38-D1F7-4964-9D6D-CC7845C354A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.390:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CA5E7D8-5213-42A1-A543-DE0546250772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.400:*:*:*:*:*:*:*",
              "matchCriteriaId": "F63C7945-1A73-4267-87A2-5F3380B3BC94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.410:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BADBAF9-BC0D-4143-A2DB-5F30930D7FDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.420:*:*:*:*:*:*:*",
              "matchCriteriaId": "29DDC8F5-8AC6-4007-964C-7A035AEE23AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.430:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0CD0CB1-1648-48BD-BF31-72545FF0C1E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.440:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD95F393-8E6D-4041-9884-DB0E02A132C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.450:*:*:*:*:*:*:*",
              "matchCriteriaId": "38C59749-474C-4205-ADE1-509881CAC84A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.470:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C7CB881-4DAE-4698-BC75-30187D128623",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.480:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C6725EA-FCFD-4C00-90D9-9B5B552C193B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.500:*:*:*:*:*:*:*",
              "matchCriteriaId": "87C3D974-185F-47CE-9245-32CC26CC5C00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.510:*:*:*:*:*:*:*",
              "matchCriteriaId": "768351BA-C94F-4F6F-99B7-4E27C0F971C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.520:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B50EF46-2777-47CE-BC99-D1D5B17001FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.530:*:*:*:*:*:*:*",
              "matchCriteriaId": "501F941E-609B-46B9-A2E0-B359B2DCBB15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.550:*:*:*:*:*:*:*",
              "matchCriteriaId": "4ABFC5F5-CB70-4102-96F9-F0EEC9BA957F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.560:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FA24721-BC9A-40E2-ACAB-AA2D6C26C157",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.570:*:*:*:*:*:*:*",
              "matchCriteriaId": "67232DFE-C9D5-479E-8DC6-8F577D3ADBF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gentoo:webmin:1.580:*:*:*:*:*:*:*",
              "matchCriteriaId": "8976F845-5268-47BD-A782-5B7B8492DC70",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in file/show.cgi in Webmin 1.590 and earlier allow remote attackers to hijack the authentication of privileged users for requests that (1) read files or execute (2) tar, (3) zip, or (4) gzip commands, a different issue than CVE-2012-2982."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en file/show.cgi en Webmin v1.590 y anteriores, permite a atacantes remotos secuestrar la autenticaci\u00f3n de usaurios privilegiados para peticiones que (1) leen archivos o ejecutan comandos (2) tar, (3) zip, o (4) gzip, una cuestion diferente de CVE-2012-2982."
    }
  ],
  "id": "CVE-2012-4893",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-09-11T19:55:00.970",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://americaninfosec.com/research/index.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/788478"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://americaninfosec.com/research/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/788478"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.