Webmin 'miniserv.pl' Arbitrary File Disclosure

medium Nessus Plugin ID 21785

Synopsis

The remote web server is affected by an information disclosure flaw.

Description

The version of Webmin installed on the remote host is affected by an information disclosure flaw in the Perl script 'miniserv.pl'. This flaw could allow a remote, unauthenticated attacker to read arbitrary files on the affected host, subject to the privileges of the web server user.

Solution

Upgrade to Webmin 1.290 or later.

See Also

http://www.webmin.com/changes-1.290.html

Plugin Details

Severity: Medium

ID: 21785

File Name: webmin_1290.nasl

Version: 1.22

Type: remote

Family: CGI abuses

Published: 6/30/2006

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2006-3392

Vulnerability Information

CPE: cpe:/a:webmin:webmin

Required KB Items: www/webmin

Exploit Ease: No exploit is required

Exploited by Nessus: true

Patch Publication Date: 6/29/2006

Vulnerability Publication Date: 6/29/2006

Reference Information

CVE: CVE-2006-3392

BID: 18744