CVE Vulnerabilities

CVE-2001-1074

Published: May 28, 2001 | Modified: Oct 10, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges.

Affected Software

Name Vendor Start Version End Version
Webmin Webmin 0.5 0.5
Webmin Webmin 0.6 0.6
Webmin Webmin 0.7 0.7
Webmin Webmin 0.80 0.80
Webmin Webmin 0.83 0.83
Webmin Webmin 0.84 0.84

References