CVE-2001-1074

Published: May 28, 2001Modified: Apr 16, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges.

Affected (6)

Products: Webmin: Webmin

Webmin

1 product

Webmin

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Webmin Webmin	Version 0.5
Webmin Webmin	Version 0.6
Webmin Webmin	Version 0.7
Webmin Webmin	Version 0.80
Webmin Webmin	Version 0.83
Webmin Webmin	Version 0.84

References (10)

http://archives.neohapsis.com/archives/bugtraq/2001-05/0262.html

Source: cve@mitre.org

Vendor Advisory

http://www.calderasystems.com/support/security/advisories/CSSA-2001-019.1.txt

Source: cve@mitre.org

PatchVendor Advisory

http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-059.php3

Source: cve@mitre.org

Patch

http://www.securityfocus.com/bid/2795

Source: cve@mitre.org

ExploitPatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/6627

Source: cve@mitre.org

http://archives.neohapsis.com/archives/bugtraq/2001-05/0262.html