7.5

CVE-2005-3912

EPSS 12.45%
Veröffentlicht 30.11.2005 11:03:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call.  NOTE: the code execution might be associated with an issue in Perl.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 20

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Webmin ≫ Webmin Version >= 1.100 < 1.180

Webmin ≫ Webmin Version >= 1.200 < 1.250

Debian ≫ Debian Linux Version3.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	12.45%	0.936

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://secunia.com/advisories/18101

Third Party Advisory

http://www.novell.com/linux/security/advisories/2005_30_sr.html

Third Party Advisory

http://lists.immunitysec.com/pipermail/dailydave/2005-November/002685.html

Patch

Third Party Advisory

http://secunia.com/advisories/17749

Patch

Third Party Advisory

http://secunia.com/advisories/17817

Third Party Advisory

http://secunia.com/advisories/17878

Third Party Advisory

http://secunia.com/advisories/17942

Third Party Advisory

http://secunia.com/advisories/22556

Third Party Advisory

http://www.debian.org/security/2006/dsa-1199

Third Party Advisory

http://www.dyadsecurity.com/webmin-0001.html

Patch

Third Party Advisory

http://www.gentoo.org/security/en/glsa/glsa-200512-02.xml

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2005:223

Third Party Advisory

http://www.securityfocus.com/archive/1/418093/100/0/threaded

Third Party Advisory

VDB Entry

http://www.vupen.com/english/advisories/2005/2660

Third Party Advisory

http://www.webmin.com/changes-1.250.html

Vendor Advisory

http://www.webmin.com/security.html

Vendor Advisory

http://www.webmin.com/uchanges-1.180.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2005-3912

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-3912

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-3912

EUVD