Vulnerability Database

289,784

Total vulnerabilities in the database

CVE-2001-1074

Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges.

  • Published: May 28, 2001
  • Updated: Apr 13, 2023
  • CVE: CVE-2001-1074
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 7.2
  • AV:L/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Software From Fixed in
webmin / webmin 0.7 0.7.x
webmin / webmin 0.6 0.6.x
webmin / webmin 0.83 0.83.x
webmin / webmin 0.84 0.84.x
webmin / webmin 0.80 0.80.x
webmin / webmin 0.5 0.5.x