CVE-2006-3392 - Vulnerability Details - OpenCVE

Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Usermin	Usermin
Webmin	Webmin

Configuration 1 [-]

OR	cpe:2.3:a:usermin:usermin::::::::
	cpe:2.3:a:webmin:webmin::::::::

No data.

References

Link	Providers
http://attrition.org/pipermail/vim/2006-July/000923.html
http://attrition.org/pipermail/vim/2006-June/000912.html
http://secunia.com/advisories/20892
http://secunia.com/advisories/21105
http://secunia.com/advisories/21365
http://secunia.com/advisories/22556
http://security.gentoo.org/glsa/glsa-200608-11.xml
http://www.debian.org/security/2006/dsa-1199
http://www.kb.cert.org/vuls/id/999601
http://www.mandriva.com/security/advisories?name=MDKSA-2006:125
http://www.osvdb.org/26772
http://www.securityfocus.com/archive/1/439653/100/0/threaded
http://www.securityfocus.com/archive/1/440125/100/0/threaded
http://www.securityfocus.com/archive/1/440466/100/0/threaded
http://www.securityfocus.com/archive/1/440493/100/0/threaded
http://www.securityfocus.com/bid/18744
http://www.vupen.com/english/advisories/2006/2612
http://www.webmin.com/changes.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-07-06T20:00:00

Updated: 2024-08-07T18:30:32.634Z

Reserved: 2006-07-06T00:00:00

Link: CVE-2006-3392

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-07-06T20:05:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2006-3392

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-06-29T00:00:00", "descriptions": [{"lang": "en", "value": "Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using \"..%01\" sequences, which bypass the removal of \"../\" sequences before bytes such as \"%01\" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "21365", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21365"}, {"name": "GLSA-200608-11", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200608-11.xml"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.webmin.com/changes.html"}, {"name": "20060710 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/440125/100/0/threaded"}, {"name": "21105", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21105"}, {"name": "18744", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/18744"}, {"name": "20060715 Webmin / Usermin Arbitrary File Disclosure Vulnerability Perl", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/440493/100/0/threaded"}, {"name": "20060715 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/440466/100/0/threaded"}, {"name": "VU#999601", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/999601"}, {"name": "DSA-1199", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2006/dsa-1199"}, {"name": "20060630 Webmin traversal - changelog", "tags": ["mailing-list", "x_refsource_VIM"], "url": "http://attrition.org/pipermail/vim/2006-June/000912.html"}, {"name": "20892", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20892"}, {"name": "MDKSA-2006:125", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:125"}, {"name": "ADV-2006-2612", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2612"}, {"name": "20060709 Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/439653/100/0/threaded"}, {"name": "26772", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/26772"}, {"name": "22556", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22556"}, {"name": "20060711 Re: Webmin traversal - changelog", "tags": ["mailing-list", "x_refsource_VIM"], "url": "http://attrition.org/pipermail/vim/2006-July/000923.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3392", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using \"..%01\" sequences, which bypass the removal of \"../\" sequences before bytes such as \"%01\" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "21365", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21365"}, {"name": "GLSA-200608-11", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200608-11.xml"}, {"name": "http://www.webmin.com/changes.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/changes.html"}, {"name": "20060710 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/440125/100/0/threaded"}, {"name": "21105", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21105"}, {"name": "18744", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18744"}, {"name": "20060715 Webmin / Usermin Arbitrary File Disclosure Vulnerability Perl", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/440493/100/0/threaded"}, {"name": "20060715 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/440466/100/0/threaded"}, {"name": "VU#999601", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/999601"}, {"name": "DSA-1199", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1199"}, {"name": "20060630 Webmin traversal - changelog", "refsource": "VIM", "url": "http://attrition.org/pipermail/vim/2006-June/000912.html"}, {"name": "20892", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20892"}, {"name": "MDKSA-2006:125", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:125"}, {"name": "ADV-2006-2612", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2612"}, {"name": "20060709 Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/439653/100/0/threaded"}, {"name": "26772", "refsource": "OSVDB", "url": "http://www.osvdb.org/26772"}, {"name": "22556", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22556"}, {"name": "20060711 Re: Webmin traversal - changelog", "refsource": "VIM", "url": "http://attrition.org/pipermail/vim/2006-July/000923.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T18:30:32.634Z"}, "title": "CVE Program Container", "references": [{"name": "21365", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21365"}, {"name": "GLSA-200608-11", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200608-11.xml"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.webmin.com/changes.html"}, {"name": "20060710 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/440125/100/0/threaded"}, {"name": "21105", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21105"}, {"name": "18744", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/18744"}, {"name": "20060715 Webmin / Usermin Arbitrary File Disclosure Vulnerability Perl", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/440493/100/0/threaded"}, {"name": "20060715 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/440466/100/0/threaded"}, {"name": "VU#999601", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/999601"}, {"name": "DSA-1199", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2006/dsa-1199"}, {"name": "20060630 Webmin traversal - changelog", "tags": ["mailing-list", "x_refsource_VIM", "x_transferred"], "url": "http://attrition.org/pipermail/vim/2006-June/000912.html"}, {"name": "20892", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20892"}, {"name": "MDKSA-2006:125", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:125"}, {"name": "ADV-2006-2612", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/2612"}, {"name": "20060709 Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/439653/100/0/threaded"}, {"name": "26772", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/26772"}, {"name": "22556", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22556"}, {"name": "20060711 Re: Webmin traversal - changelog", "tags": ["mailing-list", "x_refsource_VIM", "x_transferred"], "url": "http://attrition.org/pipermail/vim/2006-July/000923.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3392", "datePublished": "2006-07-06T20:00:00", "dateReserved": "2006-07-06T00:00:00", "dateUpdated": "2024-08-07T18:30:32.634Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:usermin:usermin:*:*:*:*:*:*:*:*", "matchCriteriaId": "26B92F53-3598-44F5-8CE1-A04A28EFF92E", "versionEndIncluding": "1.210", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A061012-19EE-4A9E-9AFC-75DF24D316C5", "versionEndIncluding": "1.2.80", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using \"..%01\" sequences, which bypass the removal of \"../\" sequences before bytes such as \"%01\" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274."}, {"lang": "es", "value": "Las aplicaciones Webmin antes de su versi\u00f3n 1.290 y Usermin antes de la 1.220 llaman a la funci\u00f3n simplify_path antes de decodificar HTML, lo que permite a atacantes remotos leer ficheros arbitrarios, como se ha demostrado utilizando secuencias \"..% 01\", evitando de esta manera la supresi\u00f3n del nombre de fichero de las secuencias \"../\" anteriores a octetos del estilo de \"%01\". NOTA: Se trata de una vulnerabilidad diferente a CVE-2006-3274."}], "id": "CVE-2006-3392", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-07-06T20:05:00.000", "references": [{"source": "cve@mitre.org", "url": "http://attrition.org/pipermail/vim/2006-July/000923.html"}, {"source": "cve@mitre.org", "url": "http://attrition.org/pipermail/vim/2006-June/000912.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/20892"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/21105"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/21365"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/22556"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200608-11.xml"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1199"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/999601"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:125"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.osvdb.org/26772"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/439653/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/440125/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/440466/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/440493/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18744"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/2612"}, {"source": "cve@mitre.org", "url": "http://www.webmin.com/changes.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://attrition.org/pipermail/vim/2006-July/000923.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://attrition.org/pipermail/vim/2006-June/000912.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/20892"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/21105"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/21365"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/22556"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200608-11.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-1199"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/999601"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:125"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.osvdb.org/26772"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/439653/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/440125/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/440466/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/440493/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/18744"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/2612"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.webmin.com/changes.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}