| Field | Value |
|---|---|
| Short Name | HTTP:PKG:WEBMIN-SHOWCGI-CMDEXEC |
| Severity | Major |
| Recommended | No |
| Recommended Action | Drop |
| Category | HTTP |
| Keywords | Webmin show.cgi Command Execution |
| Release Date | 2013/01/07 |
| Update Number | 2222 |
| Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Webmin show.cgi Command Execution
This signature detects attempts to exploit a known vulnerability in Webmin. A successful attack can lead to command injection and execution within the context of the vulnerable application.
Extended Description
file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character.
Affected Products
- Gentoo webmin 1.140
- Gentoo webmin 1.150
- Gentoo webmin 1.160
- Gentoo webmin 1.170
- Gentoo webmin 1.180
- Gentoo webmin 1.200
- Gentoo webmin 1.210
- Gentoo webmin 1.220
- Gentoo webmin 1.230
- Gentoo webmin 1.240
- Gentoo webmin 1.260
- Gentoo webmin 1.270
- Gentoo webmin 1.280
- Gentoo webmin 1.290
- Gentoo webmin 1.300
- Gentoo webmin 1.310
- Gentoo webmin 1.320
- Gentoo webmin 1.330
- Gentoo webmin 1.340
- Gentoo webmin 1.370
- Gentoo webmin 1.380
- Gentoo webmin 1.390
- Gentoo webmin 1.400
- Gentoo webmin 1.410
- Gentoo webmin 1.420
- Gentoo webmin 1.430
- Gentoo webmin 1.440
- Gentoo webmin 1.450
- Gentoo webmin 1.470
- Gentoo webmin 1.480
- Gentoo webmin 1.500
- Gentoo webmin 1.510
- Gentoo webmin 1.520
- Gentoo webmin 1.530
- Gentoo webmin 1.550
- Gentoo webmin 1.560
- Gentoo webmin 1.570
- Gentoo webmin 1.580
- Gentoo webmin 1.590