NuytsTech Security

CVE-2001-1074

by ·

Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges.

Date published : 2002-06-25

http://www.securityfocus.com/bid/2795

http://archives.neohapsis.com/archives/bugtraq/2001-05/0262.html

Tags: