7.5

CVE-2005-3912

EPSS 12.45%
Published 30.11.2005 11:03:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call.  NOTE: the code execution might be associated with an issue in Perl.

Affected products Warnungen 0 Metrics 2 CWE 0 References 20

Data is provided by the National Vulnerability Database (NVD)

Webmin ≫ Webmin Version >= 1.100 < 1.180

Webmin ≫ Webmin Version >= 1.200 < 1.250

Debian ≫ Debian Linux Version3.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	12.45%	0.936

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://secunia.com/advisories/18101

Third Party Advisory

http://www.novell.com/linux/security/advisories/2005_30_sr.html

Third Party Advisory

http://lists.immunitysec.com/pipermail/dailydave/2005-November/002685.html

Patch

Third Party Advisory

http://secunia.com/advisories/17749

Patch

Third Party Advisory

http://secunia.com/advisories/17817

Third Party Advisory

http://secunia.com/advisories/17878

Third Party Advisory

http://secunia.com/advisories/17942

Third Party Advisory

http://secunia.com/advisories/22556

Third Party Advisory

http://www.debian.org/security/2006/dsa-1199

Third Party Advisory

http://www.dyadsecurity.com/webmin-0001.html

Patch

Third Party Advisory

http://www.gentoo.org/security/en/glsa/glsa-200512-02.xml

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2005:223

Third Party Advisory

http://www.securityfocus.com/archive/1/418093/100/0/threaded

Third Party Advisory

VDB Entry

http://www.vupen.com/english/advisories/2005/2660

Third Party Advisory

http://www.webmin.com/changes-1.250.html

Vendor Advisory

http://www.webmin.com/security.html

Vendor Advisory

http://www.webmin.com/uchanges-1.180.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2005-3912

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-3912

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-3912

EUVD