CVE-2004-0582 - Vulnerability Details - OpenCVE

Unknown vulnerability in Webmin 1.140 allows remote attackers to bypass access control rules and gain read access to configuration information for a module.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Webmin	Webmin

Configuration 1 [-]

cpe:2.3:a:webmin:webmin:1.1.40:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000848
http://marc.info/?l=bugtraq&m=108697184602191&w=2
http://www.debian.org/security/2004/dsa-526
http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml
http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/74_e.html
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074
http://www.securityfocus.com/bid/10474
http://www.securityfocus.com/bid/10522
http://www.webmin.com/changes-1.150.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/16333

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2004-06-23T04:00:00

Updated: 2024-08-08T00:24:26.361Z

Reserved: 2004-06-18T00:00:00

Link: CVE-2004-0582

Vulnrichment

No data.

NVD

Status : Modified

Published: 2004-08-06T04:00:00.000

Modified: 2024-11-20T23:48:54.503

Link: CVE-2004-0582

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-06-11T00:00:00", "descriptions": [{"lang": "en", "value": "Unknown vulnerability in Webmin 1.140 allows remote attackers to bypass access control rules and gain read access to configuration information for a module."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "10474", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/10474"}, {"name": "DSA-526", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2004/dsa-526"}, {"name": "20040611 [SNS Advisory No.74] Webmin Access Control Rule Bypass Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=108697184602191&w=2"}, {"name": "MDKSA-2004:074", "tags": ["vendor-advisory", "x_refsource_MANDRAKE"], "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074"}, {"name": "CLA-2004:848", "tags": ["vendor-advisory", "x_refsource_CONECTIVA"], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000848"}, {"name": "webmin-bypass-security(16333)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16333"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.webmin.com/changes-1.150.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/74_e.html"}, {"name": "GLSA-200406-12", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml"}, {"name": "10522", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/10522"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0582", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unknown vulnerability in Webmin 1.140 allows remote attackers to bypass access control rules and gain read access to configuration information for a module."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "10474", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10474"}, {"name": "DSA-526", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-526"}, {"name": "20040611 [SNS Advisory No.74] Webmin Access Control Rule Bypass Vulnerability", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=108697184602191&w=2"}, {"name": "MDKSA-2004:074", "refsource": "MANDRAKE", "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074"}, {"name": "CLA-2004:848", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000848"}, {"name": "webmin-bypass-security(16333)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16333"}, {"name": "http://www.webmin.com/changes-1.150.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/changes-1.150.html"}, {"name": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/74_e.html", "refsource": "MISC", "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/74_e.html"}, {"name": "GLSA-200406-12", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml"}, {"name": "10522", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10522"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T00:24:26.361Z"}, "title": "CVE Program Container", "references": [{"name": "10474", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/10474"}, {"name": "DSA-526", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2004/dsa-526"}, {"name": "20040611 [SNS Advisory No.74] Webmin Access Control Rule Bypass Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=108697184602191&w=2"}, {"name": "MDKSA-2004:074", "tags": ["vendor-advisory", "x_refsource_MANDRAKE", "x_transferred"], "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074"}, {"name": "CLA-2004:848", "tags": ["vendor-advisory", "x_refsource_CONECTIVA", "x_transferred"], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000848"}, {"name": "webmin-bypass-security(16333)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16333"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.webmin.com/changes-1.150.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/74_e.html"}, {"name": "GLSA-200406-12", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml"}, {"name": "10522", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/10522"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0582", "datePublished": "2004-06-23T04:00:00", "dateReserved": "2004-06-18T00:00:00", "dateUpdated": "2024-08-08T00:24:26.361Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:webmin:webmin:1.1.40:*:*:*:*:*:*:*", "matchCriteriaId": "AD33CE40-DFC9-4BDC-BF4F-9E0B268B8503", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unknown vulnerability in Webmin 1.140 allows remote attackers to bypass access control rules and gain read access to configuration information for a module."}, {"lang": "es", "value": "Vulnerabilidad desconocidad en Webmin 1.140 permite a atacantes remotos saltarse reglas de control de acceso y conseguir acceso de lectura a informaci\u00f3n de configuraci\u00f3n de un m\u00f3dulo."}], "id": "CVE-2004-0582", "lastModified": "2024-11-20T23:48:54.503", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-08-06T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000848"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=108697184602191&w=2"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2004/dsa-526"}, {"source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml"}, {"source": "cve@mitre.org", "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/74_e.html"}, {"source": "cve@mitre.org", "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/10474"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/10522"}, {"source": "cve@mitre.org", "url": "http://www.webmin.com/changes-1.150.html"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16333"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000848"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=108697184602191&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2004/dsa-526"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/74_e.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/10474"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/10522"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.webmin.com/changes-1.150.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16333"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}