CVE-2003-0101
Last modified
CVE-2003-0101 is a vulnerability of currently unknown severity. miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges.. EPSS estimates a 15.47% chance of exploitation in the next 30 days.
Description
miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Engardelinux | Guardian Digital Webtool | 1.2 |
| Usermin | Usermin | 0.4 |
| Usermin | Usermin | 0.5 |
| Usermin | Usermin | 0.6 |
| Usermin | Usermin | 0.7 |
| Usermin | Usermin | 0.8 |
| Usermin | Usermin | 0.9 |
| Usermin | Usermin | 0.91 |
| Usermin | Usermin | 0.92 |
| Usermin | Usermin | 0.93 |
| Usermin | Usermin | 0.94 |
| Usermin | Usermin | 0.95 |
| Usermin | Usermin | 0.96 |
| Usermin | Usermin | 0.97 |
| Usermin | Usermin | 0.98 |
| Usermin | Usermin | 0.99 |
| Webmin | Webmin | 1.0.50 |
| Webmin | Webmin | 1.0.60 |
References
- http://www.iss.net/security_center/static/11390.phpVendor Advisory
- http://www.iss.net/security_center/static/11390.phpVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2003-0101?
How severe is CVE-2003-0101?
How do I fix CVE-2003-0101?
Are you affected by CVE-2003-0101?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST