Test Kennung:	1.3.6.1.4.1.25623.1.0.113135
Kategorie:	Web application abuses
Titel:	Webmin 1.880 Information Disclosure Vulnerability
Zusammenfassung:	Webmin is prone to an information disclosure vulnerability that allows non-privileged users to access arbitrary files.
Beschreibung:	Summary: Webmin is prone to an information disclosure vulnerability that allows non-privileged users to access arbitrary files. Vulnerability Insight: An issue was discovered in Webmin when the default Yes setting of 'Can view any file as a log file' is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to read sensitive data from the local system (using Local File Include) such as the '/etc/shadow' file via a 'GET /syslog/save_log.cgi?view=1&file=/etc/shadow' request. Vulnerability Impact: Successful exploitation would allow an attacker to access any file on the system, ranging from sensitive documents to administrator passwords. Affected Software/OS: Webmin through version 1.880 Solution: No patch is available as of 15th March, 2018. As a mitigation technique, the setting 'Can view any file as a log file' can be disabled, effectively stopping a user from exploiting this vulnerability. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2018-8712 https://www.7elements.co.uk/resources/technical-advisories/webmin-1-840-1-880-unrestricted-access-arbitrary-files-using-local-file-include/
Copyright	Copyright (C) 2018 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.