7.5
CVE-2005-3042
- EPSS 4.13%
- Veröffentlicht 22.09.2005 10:03:00
- Zuletzt bearbeitet 16.06.2026 22:16:08
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.13% | 0.895 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://secunia.com/advisories/17282
http://www.novell.com/linux/security/advisories/2005_24_sr.html
http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html
http://jvn.jp/jp/JVN%2340940493/index.html
http://secunia.com/advisories/16858
http://securityreason.com/securityalert/17
http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml
http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html
http://www.mandriva.com/security/advisories?name=MDKSA-2005:176
http://www.osvdb.org/19575
http://www.securityfocus.com/bid/14889
http://www.vupen.com/english/advisories/2005/1791
http://www.webmin.com/changes-1.230.html
http://www.webmin.com/uchanges-1.160.html