Executive Summary

This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration.
Information

Name: CVE-2006-4542
Vendor: Cve
First vendor publication: 2006-09-05
Last vendor modification: 2017-07-20

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: N/A
Base score: N/A
Impact sub score: N/A
Exploitability sub score: N/A
Temporal score: N/A
Environmental score: N/A

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS base score: 6.8
CVSS impact score: 6.4
CVSS exploit score: 8.6
Attack range: Network
Attack complexity: Medium
Authentication: None required

Detail

Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4542

CWE : Common Weakness Enumeration

%      Id      Name
100 %  CWE-79  Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type         Description   Count
Application                33
Application                72

OpenVAS Exploits

Date        Description
2008-01-17  Name : Debian Security Advisory DSA 1199-1 (webmin)
            File : nvt/deb_1199_1.nasl

Open Source Vulnerability Database (OSVDB)

Id     Description
28338  Webmin/Usermin NULL Character Unspecified XSS

       Webmin/Usermin contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the application does not sanitize input that contains a NULL character. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

28337  Webmin/Usermin NULL Character Unspecified Source Disclosure

       Webmin/Usermin contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered because input that contains a NULL character is not properly verified; this discloses the source code of arbitrary CGI and Perl programs, resulting in a loss of confidentiality.

Nessus® Vulnerability Scanner

Date        Description
2014-09-16  Name : The remote web server is affected by an information disclosure vulnerability.
            File : usermin_1226_info_disclosure.nasl - Type : ACT_ATTACK
2007-02-18  Name : The remote Mandrake Linux host is missing a security update.
            File : mandrake_MDKSA-2006-170.nasl - Type : ACT_GATHER_INFO
2006-10-25  Name : The remote Debian host is missing a security-related update.
            File : debian_DSA-1199.nasl - Type : ACT_GATHER_INFO
2006-09-02  Name : The remote web server is affected by an information disclosure vulnerability.
            File : webmin_1296.nasl - Type : ACT_ATTACK

Sources (Detail)

Source    Url
BID       http://www.securityfocus.com/bid/19820
CONFIRM   http://webmin.com/security.html
DEBIAN    http://www.debian.org/security/2006/dsa-1199
JVN       http://jvn.jp/jp/JVN%2399776858/index.html
MANDRIVA  http://www.mandriva.com/security/advisories?name=MDKSA-2006:170
MISC      http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html
OSVDB     http://www.osvdb.org/28337
OSVDB     http://www.osvdb.org/28338
SECTRACK  http://securitytracker.com/id?1016776
SECTRACK  http://securitytracker.com/id?1016777
SECUNIA   http://secunia.com/advisories/21690
SECUNIA   http://secunia.com/advisories/22087
SECUNIA   http://secunia.com/advisories/22114
SECUNIA   http://secunia.com/advisories/22556
VUPEN     http://www.vupen.com/english/advisories/2006/3424
XF        https://exchange.xforce.ibmcloud.com/vulnerabilities/28699

Alert History

Date                 Information
2021-05-05 01:02:45
  • Multiple Updates
2021-05-04 12:04:31
  • Multiple Updates
2021-04-22 01:05:11
  • Multiple Updates
2020-05-24 01:02:43
  • Multiple Updates
2020-05-23 00:18:20
  • Multiple Updates
2017-07-20 09:23:52
  • Multiple Updates
2016-06-28 15:56:39
  • Multiple Updates
2016-04-26 15:02:10
  • Multiple Updates
2014-09-17 13:25:44
  • Multiple Updates
2014-02-17 10:37:10
  • Multiple Updates
2013-05-11 11:08:22
  • Multiple Updates