First published: Wed Feb 26 2003(Updated: )
miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Usermin Usermin | =0.91 | |
Usermin Usermin | =0.9 | |
Webmin Webmin | =1.0.60 | |
Usermin Usermin | =0.8 | |
Usermin Usermin | =0.97 | |
Usermin Usermin | =0.99 | |
Usermin Usermin | =0.6 | |
Usermin Usermin | =0.96 | |
Usermin Usermin | =0.5 | |
Usermin Usermin | =0.7 | |
Usermin Usermin | =0.4 | |
Usermin Usermin | =0.93 | |
Usermin Usermin | =0.94 | |
Usermin Usermin | =0.95 | |
Usermin Usermin | =0.98 | |
Engardelinux Guardian Digital Webtool | =1.2 | |
Usermin Usermin | =0.92 | |
Webmin Webmin | =1.0.50 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.