Vulnerability Note VU#788478
Webmin contains input validation vulnerabilities
Webmin 1.580, and possibly earlier versions, has been reported to contain input validation vulnerabilities.
The advisories from American Information Security Group report the following vulnerabilities.
CWE-20: Improper Input Validation - CVE-2012-2981
CWE-77: Improper Neutralization of Special Elements used in a Command - CVE-2012-2982
CWE-22: Improper Limitation of a Pathname to a Restricted Directory - CVE-2012-2983
Full details of each vulnerability are available in the American Information Security Group advisories linked in the References section.
An authenticated attacker may be able to execute arbitrary commands.
We are currently unaware of a practical solution to this problem. The vendor is aware of the vulnerabilities and has patches available in the development branch, but an official version including the patches was not available at the time of publication.
Vendor Information
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Webmin | Affected | 10 Jul 2012 | 05 Sep 2012 |
CVSS Metrics
Thanks to the American Information Security Group for reporting this vulnerability.
This document was written by Jared Allar.
- CVE IDs: CVE-2012-2981, CVE-2012-2982, CVE-2012-2983
- Date Public: 06 Sep 2012
- Date First Published: 06 Sep 2012
- Date Last Updated: 15 May 2013
- Document Revision: 24