Webmin 0.84 and previous versions does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
webmin webmin 0.6 |
||
webmin webmin 0.7 |
||
webmin webmin 0.5 |
||
webmin webmin 0.80 |
||
webmin webmin 0.83 |
||
webmin webmin 0.84 |