CVE-2012-2983
First published: Tue Sep 11 2012(Updated: )
file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file field.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Webmin | <=1.590 | |
| Webmin | =1.140 | |
| Webmin | =1.150 | |
| Webmin | =1.160 | |
| Webmin | =1.170 | |
| Webmin | =1.180 | |
| Webmin | =1.200 | |
| Webmin | =1.210 | |
| Webmin | =1.220 | |
| Webmin | =1.230 | |
| Webmin | =1.240 | |
| Webmin | =1.260 | |
| Webmin | =1.270 | |
| Webmin | =1.280 | |
| Webmin | =1.290 | |
| Webmin | =1.300 | |
| Webmin | =1.310 | |
| Webmin | =1.320 | |
| Webmin | =1.330 | |
| Webmin | =1.340 | |
| Webmin | =1.370 | |
| Webmin | =1.380 | |
| Webmin | =1.390 | |
| Webmin | =1.400 | |
| Webmin | =1.410 | |
| Webmin | =1.420 | |
| Webmin | =1.430 | |
| Webmin | =1.440 | |
| Webmin | =1.450 | |
| Webmin | =1.470 | |
| Webmin | =1.480 | |
| Webmin | =1.500 | |
| Webmin | =1.510 | |
| Webmin | =1.520 | |
| Webmin | =1.530 | |
| Webmin | =1.550 | |
| Webmin | =1.560 | |
| Webmin | =1.570 | |
| Webmin | =1.580 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://americaninfosec.com/research/index.html
- http://www.americaninfosec.com/research/dossiers/AISG-12-002.pdf
- http://www.kb.cert.org/vuls/id/788478
- http://www.securitytracker.com/id?1027507
- http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
- https://github.com/webmin/webmin/commit/4cd7bad70e23e4e19be8ccf7b9f245445b2b3b80
Frequently Asked Questions
What is the severity of CVE-2012-2983?
CVE-2012-2983 has a medium severity level due to the potential for unauthorized file access.
How do I fix CVE-2012-2983?
To fix CVE-2012-2983, update Webmin to version 1.590 or later to ensure proper authorization checks are in place.
What type of attacks can result from CVE-2012-2983?
CVE-2012-2983 allows remote attackers to read arbitrary files, which can lead to data leakage and potential further exploitation.
Which versions of Webmin are affected by CVE-2012-2983?
CVE-2012-2983 affects Webmin versions 1.590 and earlier.
Is there a workaround for CVE-2012-2983 if I cannot update?
A possible workaround for CVE-2012-2983 is to restrict access to the Webmin interface to trusted IPs until an update can be applied.
- agent/references
- agent/description
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/author
- agent/event
- agent/weakness
- agent/severity
- agent/remedy
- vendor/gentoo
- canonical/webmin
- version/webmin/1.590
- version/webmin/1.140
- version/webmin/1.150
- version/webmin/1.160
- version/webmin/1.170
- version/webmin/1.180
- version/webmin/1.200
- version/webmin/1.210
- version/webmin/1.220
- version/webmin/1.230
- version/webmin/1.240
- version/webmin/1.260
- version/webmin/1.270
- version/webmin/1.280
- version/webmin/1.290
- version/webmin/1.300
- version/webmin/1.310
- version/webmin/1.320
- version/webmin/1.330
- version/webmin/1.340
- version/webmin/1.370
- version/webmin/1.380
- version/webmin/1.390
- version/webmin/1.400
- version/webmin/1.410
- version/webmin/1.420
- version/webmin/1.430
- version/webmin/1.440
- version/webmin/1.450
- version/webmin/1.470
- version/webmin/1.480
- version/webmin/1.500
- version/webmin/1.510
- version/webmin/1.520
- version/webmin/1.530
- version/webmin/1.550
- version/webmin/1.560
- version/webmin/1.570
- version/webmin/1.580