jvndb-2006-000938
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Severity ?
() - -
Summary
Webmin directory traversal vulnerability
Details
Webmin is a web-based system management tool. Webmin contains a directory traversal vulnerability which allows to bypass authentication. As of June 30, 2006, patched versions of the module addressing this vulnerability for all OS platforms are available from the vendor. This vulnerability was originally reported as an issue specific to the Windows platform. The vendor announces that the vulnerability affects the product on any OS platforms.
References
JVN http://jvn.jp/en/jp/JVN67974490/index.html
CVE http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3274
NVD http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3274
SECUNIA http://secunia.com/advisories/20777
BID http://www.securityfocus.com/bid/18613
XF http://xforce.iss.net/xforce/xfdb/27366
SECTRACK http://securitytracker.com/id?1016375
FRSIRT http://www.frsirt.com/english/advisories/2006/2493
Impacted products
Webmin ProjectUsermin
Webmin ProjectWebmin
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000938.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "Webmin is a web-based system management tool.\r\nWebmin contains a directory traversal vulnerability which allows to bypass authentication.\r\n\r\nAs of June 30, 2006, patched versions of the module addressing this vulnerability for all OS platforms are available from the vendor. This vulnerability was originally reported as an issue specific to the Windows platform. The vendor announces that the vulnerability affects the product on any OS platforms.",
  "link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000938.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:webmin:usermin",
      "@product": "Usermin",
      "@vendor": "Webmin Project",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:webmin:webmin",
      "@product": "Webmin",
      "@vendor": "Webmin Project",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "5.0",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2006-000938",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN67974490/index.html",
      "@id": "JVN#67974490",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3274",
      "@id": "CVE-2006-3274",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3274",
      "@id": "CVE-2006-3274",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/20777",
      "@id": "SA20777",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/18613",
      "@id": "18613",
      "@source": "BID"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/27366",
      "@id": "27366",
      "@source": "XF"
    },
    {
      "#text": "http://securitytracker.com/id?1016375",
      "@id": "1016375",
      "@source": "SECTRACK"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2006/2493",
      "@id": "FrSIRT/ADV-2006-2493",
      "@source": "FRSIRT"
    }
  ],
  "title": "Webmin directory traversal vulnerability"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.