CVE-2006-4542: XSS
First published: Tue Sep 05 2006(Updated: )
Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Webmin | =1.2.50 | |
| Webmin | =0.97 | |
| Webmin Usermin | =0.91 | |
| Webmin | =0.22 | |
| Webmin | =0.99 | |
| Webmin Usermin | =1.070 | |
| Webmin | =1.0.20 | |
| Webmin | =1.0.51 | |
| Webmin | =0.7 | |
| Webmin | =1.0.10 | |
| Webmin Usermin | =1.040 | |
| Webmin | =0.88 | |
| Webmin Usermin | =0.9 | |
| Webmin | =0.4 | |
| Webmin Usermin | =1.060 | |
| Webmin | =1.1.50 | |
| Webmin | =1.0.60 | |
| Webmin Usermin | =0.8 | |
| Webmin Usermin | =1.080 | |
| Webmin Usermin | =1.100 | |
| Webmin | =1.1.00 | |
| Webmin Usermin | =1.210 | |
| Webmin | =1.1.30 | |
| Webmin | =0.96 | |
| Webmin | =1.1.21 | |
| Webmin | =0.51 | |
| Webmin | =0.90 | |
| Webmin | =0.93 | |
| Webmin | =0.31 | |
| Webmin | =0.42 | |
| Webmin | =1.0.00 | |
| Webmin | =1.0.90 | |
| Webmin | =0.92 | |
| Webmin | =0.78 | |
| Webmin Usermin | =0.97 | |
| Webmin Usermin | =0.99 | |
| Webmin Usermin | =1.010 | |
| Webmin Usermin | =0.6 | |
| Webmin Usermin | =1.130 | |
| Webmin | <=1.2.90 | |
| Webmin | =1.2.80 | |
| Webmin Usermin | =1.150 | |
| Webmin | =1.2.30 | |
| Webmin Usermin | =1.140 | |
| Webmin Usermin | =0.96 | |
| Webmin | =1.0.30 | |
| Webmin | =1.2.20 | |
| Webmin | =1.1.40 | |
| Webmin | =0.21 | |
| Webmin | =0.77 | |
| Webmin | =1.1.20 | |
| Webmin Usermin | =1.090 | |
| Webmin Usermin | =1.020 | |
| Webmin | =0.2 | |
| Webmin | =0.85 | |
| Webmin | =0.6 | |
| Webmin | =0.41 | |
| Webmin | =1.2.60 | |
| Webmin | =0.95 | |
| Webmin | =0.94 | |
| Webmin Usermin | =0.5 | |
| Webmin Usermin | =1.051 | |
| Webmin Usermin | =1.000 | |
| Webmin Usermin | =1.030 | |
| Webmin Usermin | <=1.220 | |
| Webmin | =0.83 | |
| Webmin Usermin | =0.94 | |
| Webmin | =1.2.70 | |
| Webmin Usermin | =0.95 | |
| Webmin | =0.84 | |
| Webmin | =1.0.70 | |
| Webmin | =0.3 | |
| Webmin | =0.79 | |
| Webmin Usermin | =0.92 | |
| Webmin Usermin | =1.110 | |
| Webmin | =0.76 | |
| Webmin Usermin | =0.98 | |
| Webmin Usermin | =0.93 | |
| Webmin | =0.91 | |
| Webmin | =1.0.50 | |
| Webmin | =1.0.40 | |
| Webmin | =0.80 | |
| Webmin | =0.1 | |
| Webmin | =0.5 | |
| Webmin | =0.98 | |
| Webmin | =1.0.80 | |
| Webmin Usermin | =0.7 | |
| Webmin Usermin | =1.120 | |
| Webmin | =1.1.10 | |
| Webmin | =1.2.40 | |
| Webmin | =0.92.1 | |
| Webmin Usermin | =0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html
- http://jvn.jp/jp/JVN%2399776858/index.html
- http://webmin.com/security.html
- http://secunia.com/advisories/21690
- http://securitytracker.com/id?1016776
- http://securitytracker.com/id?1016777
- http://www.securityfocus.com/bid/19820
- http://secunia.com/advisories/22087
- http://secunia.com/advisories/22114
- http://www.debian.org/security/2006/dsa-1199
- http://secunia.com/advisories/22556
- http://www.osvdb.org/28337
- http://www.osvdb.org/28338
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:170
- http://www.vupen.com/english/advisories/2006/3424
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28699
Frequently Asked Questions
What is the severity of CVE-2006-4542?
CVE-2006-4542 has a medium severity rating due to its potential to facilitate various attacks such as cross-site scripting and unauthorized access to sensitive information.
How do I fix CVE-2006-4542?
To fix CVE-2006-4542, upgrade Webmin to version 1.296 or later and Usermin to version 1.226 or later.
What types of attacks can be executed using CVE-2006-4542?
CVE-2006-4542 can allow remote attackers to execute cross-site scripting attacks, read CGI program source code, list directories, and possibly execute programs.
Which versions of Webmin are affected by CVE-2006-4542?
Webmin versions prior to 1.296 are affected by CVE-2006-4542.
Which versions of Usermin are affected by CVE-2006-4542?
Usermin versions prior to 1.226 are affected by CVE-2006-4542.
- agent/references
- agent/type
- agent/softwarecombine
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/weakness
- vendor/webmin
- canonical/webmin
- version/webmin/1.2.50
- version/webmin/0.97
- vendor/usermin
- canonical/webmin usermin
- version/webmin usermin/0.91
- version/webmin/0.22
- version/webmin/0.99
- version/webmin usermin/1.070
- version/webmin/1.0.20
- version/webmin/1.0.51
- version/webmin/0.7
- version/webmin/1.0.10
- version/webmin usermin/1.040
- version/webmin/0.88
- version/webmin usermin/0.9
- version/webmin/0.4
- version/webmin usermin/1.060
- version/webmin/1.1.50
- version/webmin/1.0.60
- version/webmin usermin/0.8
- version/webmin usermin/1.080
- version/webmin usermin/1.100
- version/webmin/1.1.00
- version/webmin usermin/1.210
- version/webmin/1.1.30
- version/webmin/0.96
- version/webmin/1.1.21
- version/webmin/0.51
- version/webmin/0.90
- version/webmin/0.93
- version/webmin/0.31
- version/webmin/0.42
- version/webmin/1.0.00
- version/webmin/1.0.90
- version/webmin/0.92
- version/webmin/0.78
- version/webmin usermin/0.97
- version/webmin usermin/0.99
- version/webmin usermin/1.010
- version/webmin usermin/0.6
- version/webmin usermin/1.130
- version/webmin/1.2.90
- version/webmin/1.2.80
- version/webmin usermin/1.150
- version/webmin/1.2.30
- version/webmin usermin/1.140
- version/webmin usermin/0.96
- version/webmin/1.0.30
- version/webmin/1.2.20
- version/webmin/1.1.40
- version/webmin/0.21
- version/webmin/0.77
- version/webmin/1.1.20
- version/webmin usermin/1.090
- version/webmin usermin/1.020
- version/webmin/0.2
- version/webmin/0.85
- version/webmin/0.6
- version/webmin/0.41
- version/webmin/1.2.60
- version/webmin/0.95
- version/webmin/0.94
- version/webmin usermin/0.5
- version/webmin usermin/1.051
- version/webmin usermin/1.000
- version/webmin usermin/1.030
- version/webmin usermin/1.220
- version/webmin/0.83
- version/webmin usermin/0.94
- version/webmin/1.2.70
- version/webmin usermin/0.95
- version/webmin/0.84
- version/webmin/1.0.70
- version/webmin/0.3
- version/webmin/0.79
- version/webmin usermin/0.92
- version/webmin usermin/1.110
- version/webmin/0.76
- version/webmin usermin/0.98
- version/webmin usermin/0.93
- version/webmin/0.91
- version/webmin/1.0.50
- version/webmin/1.0.40
- version/webmin/0.80
- version/webmin/0.1
- version/webmin/0.5
- version/webmin/0.98
- version/webmin/1.0.80
- version/webmin usermin/0.7
- version/webmin usermin/1.120
- version/webmin/1.1.10
- version/webmin/1.2.40
- version/webmin/0.92.1
- version/webmin usermin/0.4