Vulnerabilities > CVE-2001-1196 - Directory Traversal vulnerability in Webmin 0.91

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
webmin
critical
nessus
exploit available

Summary

Directory traversal vulnerability in edit_action.cgi of Webmin Directory 0.91 allows attackers to gain privileges via a '..' (dot dot) in the argument.

Vulnerable Configurations

Part Description Count
Application
Webmin
1

Exploit-Db

description: Webmin 0.91 Directory Traversal Vulnerability. CVE-2001-1196. Remote exploit for cgi platform
id: EDB-ID:21183
last seen: 2016-02-02
modified: 2001-12-17
published: 2001-12-17
reporter: A. Ramos
source: https://www.exploit-db.com/download/21183/
title: webmin 0.91 - Directory Traversal Vulnerability

Nessus

  • NASL family: CGI abuses
    NASL id: DANGEROUS_CGIS.NASL
    description: It is possible that the remote web server contains one or more dangerous CGI scripts. Note that this plugin does not actually test for the underlying flaws but instead only searches for scripts with the same name as those with known vulnerabilities.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 11748
    published: 2003-06-17
    reporter: This script is Copyright (C) 2003-2018 John Lampe
    source: https://www.tenable.com/plugins/nessus/11748
    title: Multiple Dangerous CGI Script Detection
    code:
    #
    # This script was written by John Lampe (e-mail address obscured in this copy)
    # Some entries were added by David Maciejak <david dot maciejak at kyxar dot fr>
    #
    # See the Nessus Scripts License for details
    
    # Changes by Tenable:
    # - Revised plugin title, moved CVE from header comment to CVE (4/9/2009)
    
    include("compat.inc");
    
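    # Plugin registration. This branch only declares metadata (ids, references,
    # text, scheduling requirements) and then exits; the checks themselves live
    # in the script body after this block.
    if(description)
    {
     script_id(11748);
     script_version ("1.37");
    
     # CVE references declared for this plugin, one entry per CVE.
     # NOTE(review): the cgi[]/cve[] lookup table in the script body also names
     # CVE-1999-0936, CVE-2004-0251, CVE-2004-0665, CVE-2004-0696 and
     # CVE-2004-0734, which are not declared here, while CVE-1999-0935 is
     # declared here but has no table entry -- confirm which list is intended.
     script_cve_id(
      "CVE-1999-0934",
      "CVE-1999-0935",
      "CVE-1999-0937",
      "CVE-1999-1072",
      "CVE-1999-1374",
      "CVE-1999-1377",
      "CVE-2000-0288",
      "CVE-2000-0423",
      "CVE-2000-0526",
      "CVE-2000-0923",
      "CVE-2000-0952",
      "CVE-2000-0977",
      "CVE-2000-1023",
      "CVE-2000-1131",
      "CVE-2000-1132",
      "CVE-2001-0022",
      "CVE-2001-0023",
      "CVE-2001-0076",
      "CVE-2001-0099",
      "CVE-2001-0100",
      "CVE-2001-0123",
      "CVE-2001-0133",
      "CVE-2001-0135",
      "CVE-2001-0180",
      "CVE-2001-0420",
      "CVE-2001-0562",
      "CVE-2001-1100",
      "CVE-2001-1196",
      "CVE-2001-1205",
      "CVE-2001-1212",
      "CVE-2001-1283",
      "CVE-2001-1343",
      "CVE-2002-0203",
      "CVE-2002-0230",
      "CVE-2002-0263",
      "CVE-2002-0346",
      "CVE-2002-0611",
      "CVE-2002-0710",
      "CVE-2002-0749",
      "CVE-2002-0750",
      "CVE-2002-0751",
      "CVE-2002-0752",
      "CVE-2002-0917",
      "CVE-2002-0955",
      "CVE-2002-1334",
      "CVE-2002-1526",
      "CVE-2003-0153"
     );
     script_bugtraq_id(
      1784,
      2177,
      2197,
      4211,
      4579,
      5078,
      6265
     );
     
     script_name(english:"Multiple Dangerous CGI Script Detection");
     script_summary(english:"Checks for dangerous cgi scripts");
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote web server may contain some dangerous CGI scripts."
     );
     # The description states the key limitation: a finding means a file with a
     # known-bad NAME exists, not that the installed version is vulnerable.
     script_set_attribute(attribute:"description", value:
    "It is possible that the remote web server contains one or more
    dangerous CGI scripts. 
    
    Note that this plugin does not actually test for the underlying flaws
    but instead only searches for scripts with the same name as those with
    known vulnerabilities."
     );
     script_set_attribute(attribute:"solution", value:
    "Visit http://cve.mitre.org/ and check the associated CVE entry for
    each script found.  If you are running a vulnerable version, then
    delete or upgrade the script."
     );
     # One CVSS2 vector is declared for the whole plugin; it is not a per-CVE
     # score, so individual entries may be rated differently by their sources.
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
     script_set_cvss_temporal_vector("CVSS2#E:F/RL:ND/RC:ND");
     script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
     script_set_attribute(attribute:"exploit_available", value:"true");
     script_cwe_id(22);
     script_set_attribute(attribute:"plugin_publication_date", value:"2003/06/17");
     script_set_attribute(attribute:"vuln_publication_date", value: "2001/01/07");
     script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");
     script_set_attribute(attribute:"plugin_type", value:"remote");
     script_end_attributes();
     
     script_category(ACT_ATTACK);
     
     script_copyright(english:"This script is Copyright (C) 2003-2020 John Lampe");
     script_family(english:"CGI abuses");
     script_dependencie("find_service1.nasl", "http_version.nasl");
     script_require_ports("Services/www", 80);
     # Skipped when CGI scanning is disabled; otherwise opt-in only, since both
     # the thorough-tests and paranoid-report settings are required.
     script_exclude_keys("Settings/disable_cgi_scanning");
     script_require_keys("Settings/ThoroughTests", "Settings/ParanoidReport");
     exit(0);
    }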
    
    #
    # The script code starts here
    #
    
    include("http_func.inc");
    include("http_keepalive.inc");
    include("global_settings.inc");
    
    # Opt-in gate: the plugin only proceeds when thorough tests are enabled and
    # the report paranoia level is at least 2, because name-only matching is
    # slow and produces false positives (see the exit message).
    if ( ! thorough_tests || report_paranoia < 2 )
    {
     exit(0, "This plugin is slow and prone to FP: it will only run in 'paranoid' mode and if the 'Perform thorough tests' setting enabled.");
    }
    
    port = get_http_port(default:80, embedded:TRUE);
    
    # Stop quietly when the www/no404/<port> KB entry is set (presumably the
    # server does not answer missing pages with a usable 404 -- confirm against
    # the plugin that writes this key), when no port was resolved, or when the
    # port is not open.
    if ( get_kb_item("www/no404/" + port ) )
    {
     exit(0);
    }
    if ( ! port )
    {
     exit(0);
    }
    if ( ! get_port_state(port) )
    {
     exit(0);
    }
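    # Lookup table: cgi[i] is a script file name and cve[i] the CVE id printed
    # next to it in the report. Matching is by file name only.
    #
    # Indices must stay contiguous from 0: the scan loop stops at the first
    # empty cgi[] slot. Each script name is listed once so that it is probed
    # and reported once per CGI directory.
    cgi[0] = "AT-admin.cgi";        cve[0] = "CVE-1999-1072";
    cgi[1] = "CSMailto.cgi";        cve[1] = "CVE-2002-0749"; # and CVE-2002-0750, CVE-2002-0751, and CVE-2002-0752
    cgi[2] = "UltraBoard.cgi";      cve[2] = "CVE-2001-0135";
    cgi[3] = "UltraBoard.pl";       cve[3] = "CVE-2001-0135";
    cgi[4] = "YaBB.cgi";            cve[4] = "CVE-2002-0955";
    cgi[5] = "a1disp4.cgi";         cve[5] = "CVE-2001-0562";
    cgi[6] = "alert.cgi";           cve[6] = "CVE-2002-0346";
    cgi[7] = "authenticate.cgi";    cve[7] = "CVE-2000-0923";
    cgi[8] = "bbs_forum.cgi";       cve[8] = "CVE-2001-0123";
    cgi[9] = "bnbform.cgi";         cve[9] = "CVE-1999-0937";
    cgi[10] = "bsguest.cgi";        cve[10] = "CVE-2001-0099";
    cgi[11] = "bslist.cgi";         cve[11] = "CVE-2001-0100";
    cgi[12] = "catgy.cgi";          cve[12] = "CVE-2001-1212";
    cgi[13] = "cgforum.cgi";        cve[13] = "CVE-2000-1132";
    cgi[14] = "classifieds.cgi";    cve[14] = "CVE-1999-0934";
    cgi[15] = "csPassword.cgi";     cve[15] = "CVE-2002-0917";
    cgi[16] = "cvsview2.cgi";       cve[16] = "CVE-2003-0153";
    cgi[17] = "cvslog.cgi";         cve[17] = "CVE-2003-0153";
    cgi[18] = "multidiff.cgi";      cve[18] = "CVE-2003-0153";
    cgi[19] = "dnewsweb.cgi";       cve[19] = "CVE-2000-0423";
    cgi[20] = "download.cgi";       cve[20] = "CVE-1999-1377";
    # Webmin entry: the file name alone says nothing about the Webmin version.
    cgi[21] = "edit_action.cgi";    cve[21] = "CVE-2001-1196";
    cgi[22] = "emumail.cgi";        cve[22] = "CVE-2002-1526";
    cgi[23] = "everythingform.cgi"; cve[23] = "CVE-2001-0023";
    cgi[24] = "ezadmin.cgi";        cve[24] = "CVE-2002-0263";
    cgi[25] = "ezboard.cgi";        cve[25] = "CVE-2002-0263";
    cgi[26] = "ezman.cgi";          cve[26] = "CVE-2002-0263";
    cgi[27] = "FileSeek.cgi";       cve[27] = "CVE-2002-0611";
    cgi[28] = "fom.cgi";            cve[28] = "CVE-2002-0230";
    cgi[29] = "gbook.cgi";          cve[29] = "CVE-2000-1131";
    cgi[30] = "getdoc.cgi";         cve[30] = "CVE-2000-0288";
    cgi[31] = "global.cgi";         cve[31] = "CVE-2000-0952";
    cgi[32] = "guestserver.cgi";    cve[32] = "CVE-2001-0180";
    cgi[33] = "imageFolio.cgi";     cve[33] = "CVE-2002-1334";
    cgi[34] = "lastlines.cgi";      cve[34] = "CVE-2001-1205";
    cgi[35] = "mailfile.cgi";       cve[35] = "CVE-2000-0977";
    cgi[36] = "mailview.cgi";       cve[36] = "CVE-2000-0526";
    cgi[37] = "sendmessage.cgi";    cve[37] = "CVE-2001-1100";
    cgi[38] = "nsManager.cgi";      cve[38] = "CVE-2000-1023";
    cgi[39] = "perlshop.cgi";       cve[39] = "CVE-1999-1374";
    cgi[40] = "readmail.cgi";       cve[40] = "CVE-2001-1283";
    cgi[41] = "printmail.cgi";      cve[41] = "CVE-2001-1283";
    cgi[42] = "register.cgi";       cve[42] = "CVE-2001-0076";
    cgi[43] = "sendform.cgi";       cve[43] = "CVE-2002-0710";
    cgi[44] = "service.cgi";        cve[44] = "CVE-2002-0346";
    cgi[45] = "setpasswd.cgi";      cve[45] = "CVE-2001-0133";
    cgi[46] = "simplestmail.cgi";   cve[46] = "CVE-2001-0022";
    cgi[47] = "simplestguest.cgi";  cve[47] = "CVE-2001-0022";
    cgi[48] = "talkback.cgi";       cve[48] = "CVE-2001-0420";
    cgi[49] = "ttawebtop.cgi";      cve[49] = "CVE-2002-0203";
    cgi[50] = "ws_mail.cgi";        cve[50] = "CVE-2001-1343";
    # NOTE(review): the CVE ids on the next five lines are not declared in
    # script_cve_id() in the description block -- confirm whether they should be.
    cgi[51] = "survey.cgi";         cve[51] = "CVE-1999-0936";
    cgi[52] = "rxgoogle.cgi";       cve[52] = "CVE-2004-0251";
    cgi[53] = "ShellExample.cgi";   cve[53] = "CVE-2004-0696";
    cgi[54] = "Web_Store.cgi";      cve[54] = "CVE-2004-0734";
    cgi[55] = "csFAQ.cgi";          cve[55] = "CVE-2004-0665";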
    
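    # flag records whether any listed script name was found; mymsg accumulates
    # the report text, one line per hit.
    flag = 0;
    
    mymsg = string("\n", "The following dangerous CGI scripts were found :", "\n\n");
    
    # Walk the cgi[] table until its first empty slot and look for each name in
    # every known CGI directory. A hit only means a file with that name exists
    # at that path; no version or behaviour of the script is checked here.
    for (i = 0 ; cgi[i]; i = i + 1) {
        foreach dir (cgi_dirs()) {
            if(is_cgi_installed_ka(item:string(dir, "/", cgi[i]), port:port)) {
                flag = 1;
                mymsg = mymsg + string("  - ", dir, "/", cgi[i], " (", cve[i], ")\n");
            }
        }
    }
    
    
    # Findings are raised with security_hole() although they rest on a name
    # match alone, so each reported path is a lead to verify against the
    # associated CVE entry, not a confirmed vulnerability.
    if (flag) {
     security_hole(port:port, extra:mymsg);
    }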
    
  • NASL family: CGI abuses
    NASL id: WEBMIN_0_91_DIR_TRAVERSAL.NASL
    description: According to its self-reported version, the Webmin install hosted on the remote host is 0.91. It is, therefore, affected by a directory traversal vulnerability in edit_action.cgi.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 108537
    published: 2018-03-22
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/108537
    title: Webmin 0.91 Directory Traversal
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Plugin registration. This branch only declares metadata and scheduling
    # requirements and then exits; the version check itself is in the script
    # body after this block.
    if (description)
    {
      script_id(108537);
      script_version("1.4");
      script_cvs_date("Date: 2019/04/05 23:25:05");
    
      script_cve_id("CVE-2001-1196");
      script_bugtraq_id(3698);
    
      script_name(english:"Webmin 0.91 Directory Traversal");
      script_summary(english:"Checks version of Webmin.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote web server is affected by a directory traversal.");
      # The finding is based on the version Webmin reports about itself; the
      # traversal in edit_action.cgi is not exercised by this plugin.
      script_set_attribute(attribute:"description", value:
    "According to its self-reported version, the Webmin install hosted on
    the remote host is 0.91. It is, therefore, affected by a directory
    traversal vulnerability in edit_action.cgi.");
      script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/bid/3698");
      script_set_attribute(attribute:"see_also", value:"http://www.webmin.com/changes.html");
      # Remediation: the fixed release named here matches the `fix` value used
      # in the report produced by the script body.
      script_set_attribute(attribute:"solution", value:"Upgrade to Webmin 0.92 or later.");
      # CVSS2 and CVSS3 base vectors both declare network access, low
      # complexity, no authentication/privileges and full C/I/A impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2001/12/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2001/12/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/22");
    
      # Flagged as a potential vulnerability: the result is inferred from the
      # version string, and the plugin also requires the paranoid-report key.
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:webmin:webmin");
      script_end_attributes();
    
      # Information gathering only.
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # Depends on webmin.nasl and on the www/webmin KB key, so it only runs
      # where Webmin was already identified; 10000 is the default port listed.
      script_dependencies("webmin.nasl");
      script_require_keys("www/webmin", "Settings/ParanoidReport");
      script_require_ports("Services/www", 10000);
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    
    # Version-based check for CVE-2001-1196: report the install when the
    # self-reported Webmin version compares equal to 0.91, otherwise audit out
    # as not affected. Nothing is requested from edit_action.cgi itself.
    app = 'Webmin';
    port = get_http_port(default:10000, embedded: TRUE);
    
    # Webmin must already be recorded in the KB for this port; the version and
    # the place it was read from are both needed for the report.
    get_kb_item_or_exit('www/'+port+'/webmin');
    kb_prefix = 'www/webmin/'+port;
    version = get_kb_item_or_exit(kb_prefix+'/version', exit_code:1);
    source = get_kb_item_or_exit(kb_prefix+'/source', exit_code:1);
    
    # A version string alone is weak evidence, so the check is limited to
    # paranoid reporting.
    if (report_paranoia < 2)
    {
      audit(AUDIT_PARANOID);
    }
    
    install_url = build_url(port:port, qs:"/");
    
    affected_version = "0.91";
    fixed_version = "0.92";
    
    # Anything that does not compare equal to the affected release is audited
    # out here; audit() ends the script, as in the paranoia guard above.
    if (ver_compare(ver:version, fix:affected_version, strict:FALSE) != 0)
    {
      audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);
    }
    
    details =
      '\n  URL               : ' + install_url +
      '\n  Version Source    : ' + source +
      '\n  Installed version : ' + version +
      '\n  Fixed version     : ' + fixed_version + '\n';
    
    security_report_v4(severity:SECURITY_HOLE, port:port, extra:details);