CVE-2002-1673

The web interface for Webmin 0.92 does not properly quote or filter script code in files that are displayed to the interface, which allows local users to execute script and possibly steal cookies by inserting the script into certain files or fields, such as a real user name entry in the passwd file.

CVSS v2.0 3.6 LOW

3.6^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 3.9 / Impact : 4.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://online.securityfocus.com/archive/1/263181
http://www.securityfocus.com/bid/4329	Exploit Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/8596

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:webmin:webmin:0.1:::::::*
	cpe:2.3:a:webmin:webmin:0.2:::::::*
	cpe:2.3:a:webmin:webmin:0.3:::::::*
	cpe:2.3:a:webmin:webmin:0.4:::::::*
	cpe:2.3:a:webmin:webmin:0.5:::::::*
	cpe:2.3:a:webmin:webmin:0.6:::::::*
	cpe:2.3:a:webmin:webmin:0.7:::::::*
	cpe:2.3:a:webmin:webmin:0.21:::::::*
	cpe:2.3:a:webmin:webmin:0.22:::::::*
	cpe:2.3:a:webmin:webmin:0.31:::::::*
	cpe:2.3:a:webmin:webmin:0.41:::::::*
	cpe:2.3:a:webmin:webmin:0.42:::::::*
	cpe:2.3:a:webmin:webmin:0.51:::::::*
	cpe:2.3:a:webmin:webmin:0.76:::::::*
	cpe:2.3:a:webmin:webmin:0.77:::::::*
	cpe:2.3:a:webmin:webmin:0.78:::::::*
	cpe:2.3:a:webmin:webmin:0.79:::::::*
	cpe:2.3:a:webmin:webmin:0.80:::::::*
	cpe:2.3:a:webmin:webmin:0.83:::::::*
	cpe:2.3:a:webmin:webmin:0.84:::::::*
	cpe:2.3:a:webmin:webmin:0.85:::::::*
	cpe:2.3:a:webmin:webmin:0.88:::::::*
	cpe:2.3:a:webmin:webmin:0.91:::::::*
	cpe:2.3:a:webmin:webmin:0.92:::::::*
	cpe:2.3:a:webmin:webmin:0.92.1:::::::*

History

No history.

Information

Published : 2002-12-31 05:00

Updated : 2024-02-28 10:24

NVD link : CVE-2002-1673

Mitre link : CVE-2002-1673

CVE.ORG link : CVE-2002-1673

JSON object : View

Products Affected

webmin

webmin

CWE

NVD-CWE-Other

{"id": "CVE-2002-1673", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2002-12-31T05:00:00.000", "references": [{"url": "http://online.securityfocus.com/archive/1/263181", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/4329", "tags": ["Exploit", "Patch"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8596", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The web interface for Webmin 0.92 does not properly quote or filter script code in files that are displayed to the interface, which allows local users to execute script and possibly steal cookies by inserting the script into certain files or fields, such as a real user name entry in the passwd file."}], "lastModified": "2017-07-11T01:29:19.697", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:webmin:webmin:0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30E3CF12-D0B7-4C7F-96C8-36A3FAFA8EDF"}, {"criteria": "cpe:2.3:a:webmin:webmin:0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C808C470-F0A1-4338-A988-3968EABE78E0"}, {"criteria": "cpe:2.3:a:webmin:webmin:0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C16685C0-94E9-4AE6-8221-1D32112808F6"}, {"criteria": "cpe:2.3:a:webmin:webmin:0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EDACA626-1687-4192-A2E8-C74823B715A5"}, {"criteria": "cpe:2.3:a:webmin:webmin:0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9641C23-B30A-4CB2-A348-BD708F68F90A"}, {"criteria": "cpe:2.3:a:webmin:webmin:0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0852A462-22ED-422D-A454-0A6E026D9AD0"}, {"criteria": "cpe:2.3:a:webmin:webmin:0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97FEF73D-767D-4BF2-AA12-67268719A404"}, {"criteria": "cpe:2.3:a:webmin:webmin:0.21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84B5A02C-96AB-46FD-A958-86AC0DFD1F2A"}, {"criteria": "cpe:2.3:a:webmin:webmin:0.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB1B8073-C512-4ACA-8E3F-92D46D63FBCF"}, {"criteria": "cpe:2.3:a:webmin:webmin:0.31:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B368FAD0-39A7-4115-9327-1D32BECF2F7E"}, {"criteria": "cpe:2.3:a:webmin:webmin:0.41:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B3D7B7A-0426-4176-A759-E96024DC492D"}, {"criteria": "cpe:2.3:a:webmin:webmin:0.42:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E3EFDEE-A99B-4D0E-B6A7-E7C285A5DFBC"}, {"criteria": "cpe:2.3:a:webmin:webmin:0.51:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50C3D4D4-246A-4287-AA42-CFDD0C1AE22A"}, {"criteria": "cpe:2.3:a:webmin:webmin:0.76:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F05CF0BA-0606-42E5-A631-D302FF1D59F0"}, {"criteria": "cpe:2.3:a:webmin:webmin:0.77:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A79B7B3-708A-42E4-B4EF-7746F6292DB5"}, {"criteria": "cpe:2.3:a:webmin:webmin:0.78:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2F06BC0-0418-4A1C-BD4A-B7429A6CEA39"}, {"criteria": "cpe:2.3:a:webmin:webmin:0.79:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1817FDA9-31F4-4D4A-A867-386D2F1CDB1C"}, {"criteria": "cpe:2.3:a:webmin:webmin:0.80:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23522A64-FD03-4C5B-9A8A-5E7CDDC65CEE"}, {"criteria": "cpe:2.3:a:webmin:webmin:0.83:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFD94AA9-CABA-4FC8-8367-D5D9D8B4F623"}, {"criteria": "cpe:2.3:a:webmin:webmin:0.84:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35B136CA-47BF-46DE-885A-9E74EBDE5306"}, {"criteria": "cpe:2.3:a:webmin:webmin:0.85:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9A3F522-6E6D-446C-8694-7AE91F19F1C7"}, {"criteria": "cpe:2.3:a:webmin:webmin:0.88:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBB86BC7-4A99-4C5B-9460-CDDA7C4E4041"}, {"criteria": "cpe:2.3:a:webmin:webmin:0.91:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B0813F3-1886-481E-8822-4BD199C4934F"}, {"criteria": "cpe:2.3:a:webmin:webmin:0.92:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D25A7CA-ED9D-4562-8965-D4906D1BE5FA"}, {"criteria": "cpe:2.3:a:webmin:webmin:0.92.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5C38C77-246F-41A9-A3D5-99C2DDA1DAE1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}