VYPR
Unrated severityNVD Advisory· Published May 28, 2001· Updated Jun 16, 2026

CVE-2001-1074

CVE-2001-1074

Description

Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges.

Affected products

7
  • Webmin/Webmin7 versions
    cpe:2.3:a:webmin:webmin:0.5:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:a:webmin:webmin:0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:webmin:webmin:0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:webmin:webmin:0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:webmin:webmin:0.80:*:*:*:*:*:*:*
    • cpe:2.3:a:webmin:webmin:0.83:*:*:*:*:*:*:*
    • cpe:2.3:a:webmin:webmin:0.84:*:*:*:*:*:*:*
    • (no CPE)range: <=0.84

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.