Описание
Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges.
Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2001-1074
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6627
- http://archives.neohapsis.com/archives/bugtraq/2001-05/0262.html
- http://www.calderasystems.com/support/security/advisories/CSSA-2001-019.1.txt
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-059.php3
- http://www.securityfocus.com/bid/2795
EPSS
Процентиль: 14%
0.00046
Низкий
CVE ID
Связанные уязвимости
nvd
около 24 лет назад
Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges.
EPSS
Процентиль: 14%
0.00046
Низкий