Webmin/Usermin Session ID Spoofing Unauthenticated Access Vulnerability

Bugtraq ID: 6915
Class: Input Validation Error
CVE: CVE-2003-0101
Remote: Yes
Local: No
Published: Feb 20 2003 12:00AM
Updated: Jul 11 2009 08:06PM
Credit: The discovery of this vulnerability has been credited to Keigo Yamazaki and Cintia M. Imanishi.
Vulnerable: Webmin Webmin 1.0 60
Webmin Webmin 1.0 50
Webmin Webmin 0.990
Webmin Webmin 0.970
Webmin Usermin 0.99
+ Mandriva Linux Mandrake 9.0
Webmin Usermin 0.98
+ HP Apache-Based Web Server 2.0.43 .00
+ HP Apache-Based Web Server 1.3.27 .00
+ HP Webmin-Based Admin 1.0 .01
Webmin Usermin 0.97
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
Webmin Usermin 0.96
Webmin Usermin 0.95
Webmin Usermin 0.94
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
Webmin Usermin 0.93
Webmin Usermin 0.92
Webmin Usermin 0.91
Webmin Usermin 0.9
Webmin Usermin 0.8
Webmin Usermin 0.7
Webmin Usermin 0.6
Webmin Usermin 0.5
Webmin Usermin 0.4
SGI IRIX 6.5.19
SGI IRIX 6.5.18
SGI IRIX 6.5.17
SGI IRIX 6.5.16
SGI IRIX 6.5.15
SGI IRIX 6.5.14
SGI IRIX 6.5.13
SGI IRIX 6.5.12
SGI IRIX 6.5.11
SGI IRIX 6.5.10
SGI IRIX 6.5.9
SGI IRIX 6.5.8
SGI IRIX 6.5.7
SGI IRIX 6.5.6
SGI IRIX 6.5.5
SGI IRIX 6.5.4
SGI IRIX 6.5.3
SGI IRIX 6.5.2
SGI IRIX 6.5.1
SGI IRIX 6.5
SCO OpenLinux Workstation 3.1.1
SCO OpenLinux Server 3.1.1
HP Webmin-Based Admin 1.0 .01
- HP HP-UX 11.22
- HP HP-UX 11.20
- HP HP-UX 11.11
- HP HP-UX 11.0
HP Apache-Based Web Server 2.0.43 .00
- HP HP-UX 11.22
- HP HP-UX 11.20
- HP HP-UX 11.11
- HP HP-UX 11.0
HP Apache-Based Web Server 1.3.27 .00
- HP HP-UX 11.22
- HP HP-UX 11.20
- HP HP-UX 11.11
- HP HP-UX 11.0
EnGarde Guardian Digital WebTool 1.2
Not Vulnerable: Webmin Webmin 1.0 70
+ HP Apache-Based Web Server 1.3.27 .01
+ HP Apache-Based Web Server 1.3.27 .01
+ HP Webmin-Based Admin 1.0.1 .01
+ HP Webmin-Based Admin 1.0.1 .01
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 8.0
Webmin Usermin 1.0
SGI IRIX 6.5.20


 

Privacy Statement
Copyright 2010, SecurityFocus