CVE-2012-2983
Severity: Unknown, EPSS: 20.46%
CVE-2012-2983 is a vulnerability of currently unknown severity. file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file field. EPSS estimates a 20.46% chance of exploitation in the next 30 days.
Description
file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file field.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Gentoo | Webmin | <= 1.590 |
| Gentoo | Webmin | 1.140 |
| Gentoo | Webmin | 1.150 |
| Gentoo | Webmin | 1.160 |
| Gentoo | Webmin | 1.170 |
| Gentoo | Webmin | 1.180 |
| Gentoo | Webmin | 1.200 |
| Gentoo | Webmin | 1.210 |
| Gentoo | Webmin | 1.220 |
| Gentoo | Webmin | 1.230 |
| Gentoo | Webmin | 1.240 |
| Gentoo | Webmin | 1.260 |
| Gentoo | Webmin | 1.270 |
| Gentoo | Webmin | 1.280 |
| Gentoo | Webmin | 1.290 |
| Gentoo | Webmin | 1.300 |
| Gentoo | Webmin | 1.310 |
| Gentoo | Webmin | 1.320 |
| Gentoo | Webmin | 1.330 |
| Gentoo | Webmin | 1.340 |
| Gentoo | Webmin | 1.370 |
| Gentoo | Webmin | 1.380 |
| Gentoo | Webmin | 1.390 |
| Gentoo | Webmin | 1.400 |
| Gentoo | Webmin | 1.410 |
| Gentoo | Webmin | 1.420 |
| Gentoo | Webmin | 1.430 |
| Gentoo | Webmin | 1.440 |
| Gentoo | Webmin | 1.450 |
| Gentoo | Webmin | 1.470 |
| Gentoo | Webmin | 1.480 |
| Gentoo | Webmin | 1.500 |
| Gentoo | Webmin | 1.510 |
| Gentoo | Webmin | 1.520 |
| Gentoo | Webmin | 1.530 |
| Gentoo | Webmin | 1.550 |
| Gentoo | Webmin | 1.560 |
| Gentoo | Webmin | 1.570 |
| Gentoo | Webmin | 1.580 |
References
- http://www.kb.cert.org/vuls/id/788478 (Patch, US Government Resource)
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2012-2983?
file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file field.
How severe is CVE-2012-2983?
Severity scoring for CVE-2012-2983 is pending analysis. The EPSS model estimates a 20.46% probability of exploitation in the next 30 days.
How do I fix CVE-2012-2983?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.
Source: NVD / NIST
