HTTP: Webmin File Disclosure
This signature detects attempts to exploit a known vulnerability against Webmin. Attackers can send a maliciously crafted request that reveals the contents of any file on the server.
Extended Description
Webmin and Usermin are prone to an unspecified information-disclosure vulnerability. This issue is due to a failure in the applications to properly sanitize user-supplied input. An attacker can exploit this issue to retrieve potentially sensitive information. This issue affects Webmin versions prior to 1.290 and Usermin versions prior to 1.220. Unconfirmed reports suggest that this issue is the same as the one discussed in BID 18613 (Webmin Remote Directory Traversal Vulnerability). However, the fixes associated with that issue did not completely solve the vulnerability.
Affected Products
Mandriva linux_mandrake
References
BugTraq: 18744
CVE: CVE-2005-1177
URL: http://www.webmin.com/ http://securitytracker.com/id?1013723
Short Name
HTTP:PKG:WEBMIN-FILEDISC
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2005-1177 Disclosure File Webmin bid:18744
Release Date
07/12/2006
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Webmin
Mandriva
Debian
Gentoo
CVSS Score
10.0