Usermin 'miniserv.pl' Arbitrary File Disclosure

medium Nessus Plugin ID 77704

Synopsis

The remote web server is affected by an information disclosure flaw.

Description

The Usermin installation on the remote host is affected by an information disclosure flaw in the Perl script 'miniserv.pl'. This flaw could allow a remote, unauthenticated attacker to read arbitrary files on the affected host, subject to the privileges of the web server user ID.

Solution

Upgrade to Usermin 1.220 or later.

See Also

http://www.webmin.com/uchanges.html

Plugin Details

Severity: Medium

ID: 77704

File Name: usermin_1220_info_disclosure.nasl

Version: 1.8

Type: remote

Family: CGI abuses

Published: 9/16/2014

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2006-3392

Vulnerability Information

CPE: cpe:/a:webmin:usermin, cpe:/a:usermin:usermin

Required KB Items: www/usermin

Exploit Available: true

Exploit Ease: No exploit is required

Exploited by Nessus: true

Patch Publication Date: 6/29/2006

Vulnerability Publication Date: 6/29/2006

Reference Information

CVE: CVE-2006-3392

BID: 18744