Vulnerability Details : CVE-2003-0101
miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges.
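The description above names the bug class but not the mechanism: Base64 can carry any byte, so a decoded Basic-auth credential may contain CR or LF, and if the server then drops that string into a line-delimited internal protocol, the attacker controls extra lines. The Python below is an added illustration, not Webmin's or Usermin's miniserv.pl code: the `SessionHelper` line protocol, its `auth`/`new` commands, the `guest` account and the spoofing payload are all constructed for this example, and the real miniserv.pl code path is not reproduced. The hardened variant shows the missing check, rejecting control characters (and the protocol's field separator) before the decoded credential reaches the helper.

```python
import base64
import re

# Constructed account table for the example; "guest" is the only user.
USERS = {"guest": "x"}


def parse_basic_auth(header):
    """Decode an HTTP 'Basic <b64>' credential into (user, password).

    Base64 transports arbitrary bytes, so the decoded text may contain CR,
    LF or other control characters; nothing here filters them.  Decoding is
    not sanitisation, which is the core of CVE-2003-0101.
    """
    scheme, _, b64 = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not Basic authentication")
    raw = base64.b64decode(b64).decode("latin-1")
    user, _, password = raw.partition(":")
    return user, password


class SessionHelper:
    """Hypothetical line-oriented auth/session helper (stand-in for the
    session-handling side of a server).  One command per line:
        auth <sid> <user> <password>   create <sid> if the password matches
        new <sid> <user>               create <sid> unconditionally (trusted use)
    """

    def __init__(self):
        self.sessions = {}

    def handle(self, text):
        for line in text.split("\n"):
            line = line.rstrip("\r")
            if not line:
                continue
            parts = line.split(" ", 3)
            if parts[0] == "auth" and len(parts) == 4:
                _, sid, user, password = parts
                if USERS.get(user) == password:
                    self.sessions[sid] = user
            elif parts[0] == "new" and len(parts) == 3:
                _, sid, user = parts
                self.sessions[sid] = user

    def owner(self, sid):
        return self.sessions.get(sid)


def vulnerable_login(helper, header, sid):
    """Vulnerable: the decoded credential goes straight into the line protocol."""
    user, password = parse_basic_auth(header)
    helper.handle(f"auth {sid} {user} {password}\n")
    return helper.owner(sid) is not None


# CR, LF, NUL and the other C0 controls, DEL, and space (the field separator
# of the hypothetical protocol above).
CONTROL = re.compile(r"[\x00-\x20\x7f]")


def hardened_login(helper, header, sid):
    """Hardened: refuse anything that could break one-command-per-line framing."""
    user, password = parse_basic_auth(header)
    if CONTROL.search(user) or CONTROL.search(password):
        return False
    helper.handle(f"auth {sid} {user} {password}\n")
    return helper.owner(sid) is not None


def legit_header(user, password):
    """Build a normal Basic-auth header value."""
    raw = f"{user}:{password}".encode("latin-1")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def spoof_header(target_sid):
    """Constructed attacker payload: a wrong password that smuggles a second
    'new' line, so the helper mints a root session under an ID the attacker
    already knows.  No valid credential is needed."""
    raw = f"guest:wrong\nnew {target_sid} root".encode("latin-1")
    return "Basic " + base64.b64encode(raw).decode("ascii")


if __name__ == "__main__":
    h = SessionHelper()
    print("vulnerable login ok:", vulnerable_login(h, spoof_header("1234567890"), "111"))
    print("owner of spoofed sid:", h.owner("1234567890"))
    h = SessionHelper()
    print("hardened login ok:", hardened_login(h, spoof_header("1234567890"), "111"))
    print("owner of spoofed sid:", h.owner("1234567890"))
```

Running it, the vulnerable path reports a failed login for the attacker's own session yet leaves a `root` session registered under the attacker-chosen ID; the hardened path rejects the credential before any line is emitted. The same check belongs on every decoded, attacker-supplied field that is later interpolated into a newline- or space-delimited message, not only on usernames.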
Products affected by CVE-2003-0101
- cpe:2.3:a:webmin:webmin:1.0.50:*:*:*:*:*:*:*
- cpe:2.3:a:webmin:webmin:1.0.60:*:*:*:*:*:*:*
- cpe:2.3:a:engardelinux:guardian_digital_webtool:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:usermin:usermin:0.7:*:*:*:*:*:*:*
- cpe:2.3:a:usermin:usermin:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:usermin:usermin:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:usermin:usermin:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:usermin:usermin:0.96:*:*:*:*:*:*:*
- cpe:2.3:a:usermin:usermin:0.97:*:*:*:*:*:*:*
- cpe:2.3:a:usermin:usermin:0.4:*:*:*:*:*:*:*
- cpe:2.3:a:usermin:usermin:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:usermin:usermin:0.93:*:*:*:*:*:*:*
- cpe:2.3:a:usermin:usermin:0.94:*:*:*:*:*:*:*
- cpe:2.3:a:usermin:usermin:0.95:*:*:*:*:*:*:*
- cpe:2.3:a:usermin:usermin:0.98:*:*:*:*:*:*:*
- cpe:2.3:a:usermin:usermin:0.99:*:*:*:*:*:*:*
- cpe:2.3:a:usermin:usermin:0.91:*:*:*:*:*:*:*
- cpe:2.3:a:usermin:usermin:0.92:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2003-0101
- EPSS score: 6.88% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~93% (the proportion of vulnerabilities scored at or below this one)
CVSS scores for CVE-2003-0101
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
The vector is in CVSS v2 notation (network-accessible, low complexity, no authentication, complete loss of confidentiality, integrity and availability); HIGH is the top v2 severity band, which covers 7.0 to 10.0.
References for CVE-2003-0101
- http://archives.neohapsis.com/archives/hp/2003-q1/0063.html
- http://marc.info/?l=bugtraq&m=104610245624895&w=2
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:025
- http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html
- http://www.securitytracker.com/id?1006160
- http://www.iss.net/security_center/static/11390.php (Vendor Advisory)
- http://www.lac.co.jp/security/english/snsadv_e/62_e.html
- http://marc.info/?l=bugtraq&m=104610300325629&w=2
- http://www.securityfocus.com/bid/6915
- http://marc.info/?l=webmin-announce&m=104587858408101&w=2
- http://www.ciac.org/ciac/bulletins/n-058.shtml
- http://www.debian.org/security/2003/dsa-319
- http://marc.info/?l=bugtraq&m=104610336226274&w=2
- http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html
- ftp://patches.sgi.com/support/free/security/advisories/20030602-01-I