Lucene search
This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.WEBMIN_1_860.NASLHistoryMar 22, 2018 - 12:00 a.m.
Webmin 1.850 Multiple Vulnerabilities
2018-03-2200:00:00
This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
30
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.003
Percentile
69.1%
According to its self-reported version, the Webmin install hosted on the remote host is version 1.850. It is, therefore, affected by multiple vulnerabilities.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(108560);
script_version("1.4");
script_cvs_date("Date: 2019/11/08");
script_cve_id("CVE-2017-15644", "CVE-2017-15645");
script_name(english:"Webmin 1.850 Multiple Vulnerabilities");
script_summary(english:"Checks version of Webmin.");
script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, the Webmin install hosted on
the remote host is version 1.850. It is, therefore, affected by
multiple vulnerabilities.");
script_set_attribute(attribute:"see_also", value:"http://www.webmin.com/changes.html");
script_set_attribute(attribute:"solution", value:
"Upgrade to Webmin 1.860 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/10");
script_set_attribute(attribute:"patch_publication_date", value:"2017/10/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/22");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:webmin:webmin");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("webmin.nasl");
script_require_keys("www/webmin", "Settings/ParanoidReport");
script_require_ports("Services/www", 10000);
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
app = 'Webmin';
port = get_http_port(default:10000, embedded: TRUE);
get_kb_item_or_exit('www/'+port+'/webmin');
version = get_kb_item_or_exit('www/webmin/'+port+'/version', exit_code:1);
source = get_kb_item_or_exit('www/webmin/'+port+'/source', exit_code:1);
if (report_paranoia < 2) audit(AUDIT_PARANOID);
dir = "/";
install_url = build_url(port:port, qs:dir);
fix = "1.860";
if (ver_compare(ver:version, fix:"1.850", strict:FALSE) == 0)
{
report =
'\n URL : ' + install_url +
'\n Version Source : ' + source +
'\n Installed version : ' + version +
'\n Fixed version : ' + fix + '\n';
security_report_v4(severity:SECURITY_WARNING, port:port, extra:report, xsrf:TRUE);
}
else audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);
Related
openvas
openvas
Webmin Multiple Vulnerabilities - Linux
2017-10-16 00:00:00
Webmin Multiple Vulnerabilities - Windows
2017-10-16 00:00:00
exploitdb
exploitdb
Webmin 1.850 - Multiple Vulnerabilities
2017-10-15 00:00:00
osv
osv
CVE-2017-15645
2017-10-19 22:29:00
CVE-2017-15644
2017-10-19 22:29:00
prion
prion
Server side request forgery (ssrf)
2017-10-19 22:29:00
Cross site request forgery (csrf)
2017-10-19 22:29:00
cve
cve
CVE-2017-15644
2017-10-19 22:29:00
CVE-2017-15645
2017-10-19 22:29:00
nvd
nvd
CVE-2017-15644
2017-10-19 22:29:00
CVE-2017-15645
2017-10-19 22:29:00
cvelist
cvelist
CVE-2017-15644
2017-10-19 22:00:00
CVE-2017-15645
2017-10-19 22:00:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.003
Percentile
69.1%
Related for WEBMIN_1_860.NASL