Vulnerability Details: CVE-2012-2981
Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary Perl code via a crafted file associated with the type (aka monitor type name) parameter.
Vulnerability category: Input validation
Exploit prediction scoring system (EPSS) score for CVE-2012-2981
Probability of exploitation activity in the next 30 days: 0.59%
Percentile, the proportion of vulnerabilities that are scored at or less: ~75%
CVSS scores for CVE-2012-2981
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.0 | MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P | 6.8 | 6.4 | NIST |
CWE ids for CVE-2012-2981
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-2981
- http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
- https://github.com/webmin/webmin/commit/ed7365064c189b8f136a9f952062249167d1bd9e
  Prevent passing in of monitor type that could contain invalid charact… · webmin/webmin@ed73650 · GitHub (Patch)
- http://www.americaninfosec.com/research/dossiers/AISG-12-000.pdf
- http://americaninfosec.com/research/index.html
- http://www.kb.cert.org/vuls/id/788478
  VU#788478 - Webmin contains input validation vulnerabilities (Patch; US Government Resource)
- http://www.securitytracker.com/id?1027507
  Webmin Flaws Let Remote Authenticated Users Execute Arbitrary Code and View Arbitrary Files - SecurityTracker
Products affected by CVE-2012-2981
- cpe:2.3:a:gentoo:webmin:*:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.150:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.160:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.140:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.570:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.550:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.450:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.440:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.370:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.340:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.270:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.560:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.530:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.430:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.420:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.330:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.320:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.240:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.230:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.520:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.510:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.410:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.400:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.310:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.300:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.220:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.210:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.200:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.260:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.580:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.500:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.480:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.470:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.390:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.380:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.290:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.280:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.180:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:webmin:1.170:*:*:*:*:*:*:*