CVE-2003-0101

miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges.

Published: Mar 3, 2003
Updated: Nov 9, 2025
CVE: CVE-2003-0101
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
usermin / usermin	0.91	0.91.x
usermin / usermin	0.9	0.9.x
webmin / webmin	1.0.60	1.0.60.x
usermin / usermin	0.8	0.8.x
usermin / usermin	0.97	0.97.x
usermin / usermin	0.99	0.99.x
usermin / usermin	0.6	0.6.x
usermin / usermin	0.96	0.96.x
usermin / usermin	0.5	0.5.x
usermin / usermin	0.7	0.7.x
usermin / usermin	0.4	0.4.x
usermin / usermin	0.93	0.93.x
usermin / usermin	0.94	0.94.x
usermin / usermin	0.95	0.95.x
usermin / usermin	0.98	0.98.x
engardelinux / guardian_digital_webtool	1.2	1.2.x
usermin / usermin	0.92	0.92.x
webmin / webmin	1.0.50	1.0.50.x

Vulnerability Database

300,445

CVE-2003-0101

Deep Security Visibility Without the Complexity