Описание
Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges.
Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2001-1074
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6627
- http://archives.neohapsis.com/archives/bugtraq/2001-05/0262.html
- http://www.calderasystems.com/support/security/advisories/CSSA-2001-019.1.txt
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-059.php3
- http://www.securityfocus.com/bid/2795
EPSS
Процентиль: 35%
0.00149
Низкий
CVE ID
Связанные уязвимости
nvd
почти 25 лет назад
Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges.
EPSS
Процентиль: 35%
0.00149
Низкий