Server-Side Request Forgery in Webmin by Vendor Webmin
CVE-2017-15644

8.6 HIGH

Key Information:

Vendor: Webmin

Status
Vendor
CVE Published: 19 October 2017

What is CVE-2017-15644?

A Server-Side Request Forgery (SSRF) vulnerability exists in Webmin 1.850 that allows an attacker to send unauthorized requests from the server to internal resources. The attacker does this by manipulating the PATH_INFO passed to the tunnel/link.cgi endpoint, which can expose sensitive internal services. Investigating and mitigating this vulnerability is crucial to protect network integrity and prevent unauthorized data exposure.

EPSS Score

13% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 8.6
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability Reserved

  • Vulnerability published
