JVNDB-2006-000938

Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00
Severity ?
() - -
Summary
Webmin directory traversal vulnerability
Details
Webmin is a web-based system management tool. Webmin contains a directory traversal vulnerability which allows to bypass authentication. As of June 30, 2006, patched versions of the module addressing this vulnerability for all OS platforms are available from the vendor. This vulnerability was originally reported as an issue specific to the Windows platform. The vendor announces that the vulnerability affects the product on any OS platforms.
References
Impacted products
Show details on JVN DB website
To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000938.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "Webmin is a web-based system management tool.\r\nWebmin contains a directory traversal vulnerability which allows to bypass authentication.\r\n\r\nAs of June 30, 2006, patched versions of the module addressing this vulnerability for all OS platforms are available from the vendor. This vulnerability was originally reported as an issue specific to the Windows platform. The vendor announces that the vulnerability affects the product on any OS platforms.",
  "link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000938.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:webmin:usermin",
      "@product": "Usermin",
      "@vendor": "Webmin Project",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:webmin:webmin",
      "@product": "Webmin",
      "@vendor": "Webmin Project",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "5.0",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2006-000938",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN67974490/index.html",
      "@id": "JVN#67974490",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3274",
      "@id": "CVE-2006-3274",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3274",
      "@id": "CVE-2006-3274",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/20777",
      "@id": "SA20777",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/18613",
      "@id": "18613",
      "@source": "BID"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/27366",
      "@id": "27366",
      "@source": "XF"
    },
    {
      "#text": "http://securitytracker.com/id?1016375",
      "@id": "1016375",
      "@source": "SECTRACK"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2006/2493",
      "@id": "FrSIRT/ADV-2006-2493",
      "@source": "FRSIRT"
    }
  ],
  "title": "Webmin directory traversal vulnerability"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.