CVE-2012-2983
Published 2012-09-11
Priority P3 · 44 · medium · CVSS 2.0 score 5
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 20.46% (97.2th percentile)
file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file field.
Affected
39 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gentoo | webmin | <= 1.590 | — |
Detection & IOCs (extracted from sources)
- Monitor HTTP requests to edit_html.cgi containing a 'file' parameter with directory traversal sequences (e.g., '../') to detect exploitation attempts targeting arbitrary file read.
- The exploit requires an authenticated session with access to the File Manager Module; alert on authenticated users accessing edit_html.cgi with file paths outside expected web root directories.
- The Metasploit auxiliary module 'auxiliary/admin/webmin/edit_html_fileaccess' can be used to validate exposure; presence of this module in logs or IDS signatures indicates active exploitation tooling.
- Exploitation requires the attacker to be authenticated and have access to the File Manager Module; unauthenticated exploitation is not possible.
- The Metasploit module was tested specifically against Webmin 1.580 on Ubuntu 10.04; behavior on other OS/version combinations may differ.
- The NVD advisory covers Webmin 1.590 and earlier as the vulnerable range, while the Metasploit module specifically targets 1.580; detections should cover the full range up to and including 1.590.
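The first two detection notes above can be turned into a log check. The following is an added example, not code from this page, Webmin, or any cited source. It assumes CLF-style access log lines in which the request's query string and the authenticated user are recorded, and a web root of /var/www/; the sample log lines are constructed.

```python
import posixpath
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: CLF-style access log lines: ip ident user [time] "METHOD target PROTO" ...
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)

def flag_edit_html_requests(lines, allowed_roots=("/var/www/",)):
    """Return findings for edit_html.cgi requests whose 'file' value
    contains '..' segments or resolves outside allowed_roots."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.endswith("/edit_html.cgi"):
            continue
        # parse_qs percent-decodes, so encoded dots (%2e%2e) are seen as '..'
        for value in parse_qs(url.query).get("file", []):
            path = value.replace("\\", "/")
            reasons = []
            if ".." in path.split("/"):
                reasons.append("traversal")
            resolved = posixpath.normpath(path) + "/"
            if not any(resolved.startswith(root) for root in allowed_roots):
                reasons.append("outside_root")
            if reasons:
                findings.append({"ip": m["ip"], "user": m["user"],
                                 "file": value, "reasons": reasons})
    return findings

# Constructed sample lines (documentation IP range, made-up users).
SAMPLE_LOG = [
    '192.0.2.10 - alice [11/Sep/2012:10:00:01 +0000] "GET /file/edit_html.cgi?file=/var/www/index.html HTTP/1.1" 200 512',
    '192.0.2.10 - alice [11/Sep/2012:10:00:05 +0000] "GET /file/edit_html.cgi?file=/var/www/%2e%2e/%2e%2e/etc/hostname HTTP/1.1" 200 64',
    '192.0.2.11 - bob [11/Sep/2012:10:01:00 +0000] "GET /file/edit_html.cgi?file=/etc/hostname HTTP/1.1" 200 64',
    '192.0.2.12 - - [11/Sep/2012:10:02:00 +0000] "GET / HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in flag_edit_html_requests(SAMPLE_LOG):
        print(finding)
```

If the file field arrives in a request body rather than the query string, an access log will not contain it, and the same check has to run where bodies are visible (reverse proxy, WAF, or IDS).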
References
- http://americaninfosec.com/research/index.html
- http://www.americaninfosec.com/research/dossiers/AISG-12-002.pdf
- http://www.kb.cert.org/vuls/id/788478
- http://www.securitytracker.com/id?1027507
- http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
- https://github.com/webmin/webmin/commit/4cd7bad70e23e4e19be8ccf7b9f245445b2b3b80