CVE-2006-4542

CVE Descriptions

Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs.

CVE Informations

Related Weaknesses

CWE-ID	Weakness Name	Source
CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Metrics

Metrics	Score	Severity	CVSS Vector	Source
V2	6.8		AV:N/AC:M/Au:N/C:P/I:P/A:P	nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

EPSS First.org

Products Mentioned

Configuraton 0

Usermin>>Usermin >> Version To (including) 1.220

Usermin>>Usermin >> Version 0.4

Usermin>>Usermin >> Version 0.5

Usermin>>Usermin >> Version 0.6

Usermin>>Usermin >> Version 0.7

Usermin>>Usermin >> Version 0.8

Usermin>>Usermin >> Version 0.9

Usermin>>Usermin >> Version 0.91

Usermin>>Usermin >> Version 0.92

Usermin>>Usermin >> Version 0.93

Usermin>>Usermin >> Version 0.94

Usermin>>Usermin >> Version 0.95

Usermin>>Usermin >> Version 0.96

Usermin>>Usermin >> Version 0.97

Usermin>>Usermin >> Version 0.98

Usermin>>Usermin >> Version 0.99

Usermin>>Usermin >> Version 1.000

Usermin>>Usermin >> Version 1.010

Usermin>>Usermin >> Version 1.020

Usermin>>Usermin >> Version 1.030

Usermin>>Usermin >> Version 1.040

Usermin>>Usermin >> Version 1.051

Usermin>>Usermin >> Version 1.060

Usermin>>Usermin >> Version 1.070

Usermin>>Usermin >> Version 1.080

Usermin>>Usermin >> Version 1.090

Usermin>>Usermin >> Version 1.100

Usermin>>Usermin >> Version 1.110

Usermin>>Usermin >> Version 1.120

Usermin>>Usermin >> Version 1.130

Usermin>>Usermin >> Version 1.140

Usermin>>Usermin >> Version 1.150

Usermin>>Usermin >> Version 1.210

Webmin>>Webmin >> Version To (including) 1.2.90

Webmin>>Webmin >> Version 0.1

Webmin>>Webmin >> Version 0.2

Webmin>>Webmin >> Version 0.3

Webmin>>Webmin >> Version 0.4

Webmin>>Webmin >> Version 0.5

Webmin>>Webmin >> Version 0.6

Webmin>>Webmin >> Version 0.7

Webmin>>Webmin >> Version 0.21

Webmin>>Webmin >> Version 0.22

Webmin>>Webmin >> Version 0.31

Webmin>>Webmin >> Version 0.41

Webmin>>Webmin >> Version 0.42

Webmin>>Webmin >> Version 0.51

Webmin>>Webmin >> Version 0.76

Webmin>>Webmin >> Version 0.77

Webmin>>Webmin >> Version 0.78

Webmin>>Webmin >> Version 0.79

Webmin>>Webmin >> Version 0.80

Webmin>>Webmin >> Version 0.83

Webmin>>Webmin >> Version 0.84

Webmin>>Webmin >> Version 0.85

Webmin>>Webmin >> Version 0.88

Webmin>>Webmin >> Version 0.90

Webmin>>Webmin >> Version 0.91

Webmin>>Webmin >> Version 0.92

Webmin>>Webmin >> Version 0.92.1

Webmin>>Webmin >> Version 0.93

Webmin>>Webmin >> Version 0.94

Webmin>>Webmin >> Version 0.95

Webmin>>Webmin >> Version 0.96

Webmin>>Webmin >> Version 0.97

Webmin>>Webmin >> Version 0.98

Webmin>>Webmin >> Version 0.99

Webmin>>Webmin >> Version 1.0.00

Webmin>>Webmin >> Version 1.0.10

Webmin>>Webmin >> Version 1.0.20

Webmin>>Webmin >> Version 1.0.30

Webmin>>Webmin >> Version 1.0.40

Webmin>>Webmin >> Version 1.0.50

Webmin>>Webmin >> Version 1.0.51

Webmin>>Webmin >> Version 1.0.60

Webmin>>Webmin >> Version 1.0.70

Webmin>>Webmin >> Version 1.0.80

Webmin>>Webmin >> Version 1.0.90

Webmin>>Webmin >> Version 1.1.00

Webmin>>Webmin >> Version 1.1.10

Webmin>>Webmin >> Version 1.1.20

Webmin>>Webmin >> Version 1.1.21

Webmin>>Webmin >> Version 1.1.30

Webmin>>Webmin >> Version 1.1.40

Webmin>>Webmin >> Version 1.1.50

Webmin>>Webmin >> Version 1.2.20

Webmin>>Webmin >> Version 1.2.30

Webmin>>Webmin >> Version 1.2.40

Webmin>>Webmin >> Version 1.2.50

Webmin>>Webmin >> Version 1.2.60

Webmin>>Webmin >> Version 1.2.70

Webmin>>Webmin >> Version 1.2.80

References

http://jvn.jp/jp/JVN%2399776858/index.html
Tags : third-party-advisory, x_refsource_JVN

http://www.securityfocus.com/bid/19820
Tags : vdb-entry, x_refsource_BID

http://secunia.com/advisories/22114
Tags : third-party-advisory, x_refsource_SECUNIA

http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html
Tags : x_refsource_MISC

http://www.vupen.com/english/advisories/2006/3424
Tags : vdb-entry, x_refsource_VUPEN

http://secunia.com/advisories/21690
Tags : third-party-advisory, x_refsource_SECUNIA

http://www.debian.org/security/2006/dsa-1199
Tags : vendor-advisory, x_refsource_DEBIAN

http://www.osvdb.org/28338
Tags : vdb-entry, x_refsource_OSVDB

http://secunia.com/advisories/22087
Tags : third-party-advisory, x_refsource_SECUNIA

http://www.osvdb.org/28337
Tags : vdb-entry, x_refsource_OSVDB

http://www.mandriva.com/security/advisories?name=MDKSA-2006:170
Tags : vendor-advisory, x_refsource_MANDRIVA

http://securitytracker.com/id?1016776
Tags : vdb-entry, x_refsource_SECTRACK

http://webmin.com/security.html
Tags : x_refsource_CONFIRM

http://secunia.com/advisories/22556
Tags : third-party-advisory, x_refsource_SECUNIA

http://securitytracker.com/id?1016777
Tags : vdb-entry, x_refsource_SECTRACK

https://exchange.xforce.ibmcloud.com/vulnerabilities/28699
Tags : vdb-entry, x_refsource_XF

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	3.41%	–	–
2022-02-20	–	–	3.41%	–	–
2022-04-03	–	–	3.41%	–	–
2022-06-26	–	–	3.41%	–	–
2023-02-26	–	–	3.41%	–	–
2023-03-12	–	–	–	1.15%	–
2023-03-19	–	–	–	1.35%	–
2023-04-30	–	–	–	1.26%	–
2023-06-04	–	–	–	1.74%	–
2023-07-16	–	–	–	1.77%	–
2023-08-20	–	–	–	1.5%	–
2023-09-24	–	–	–	2.03%	–
2023-12-10	–	–	–	2%	–
2024-03-10	–	–	–	2%	–
2024-03-17	–	–	–	2.45%	–
2024-06-02	–	–	–	2.45%	–
2024-06-02	–	–	–	2.45%	–
2024-12-22	–	–	–	3.09%	–
2025-01-19	–	–	–	3.09%	–
2025-03-18	–	–	–	–	1.73%
2025-04-24	–	–	–	–	2.85%
2025-05-01	–	–	–	–	2.85%
2025-05-04	–	–	–	–	2.85%
2025-05-16	–	–	–	–	2.85%
2025-06-16	–	–	–	–	3.49%
2025-08-04	–	–	–	–	1.66%
2025-09-29	–	–	–	–	2.52%
2025-11-18	–	–	–	–	2.52%
2025-11-21	–	–	–	–	2.52%

Date	Percentile
2022-02-06	66%
2022-02-20	67%
2022-04-03	83%
2022-06-26	84%
2023-02-26	85%
2023-03-12	83%
2023-03-19	84%
2023-04-30	84%
2023-06-04	86%
2023-07-16	86%
2023-08-20	85%
2023-09-24	88%
2023-12-10	88%
2024-03-10	89%
2024-03-17	9%
2024-06-02	9%
2024-06-02	9%
2024-12-22	91%
2025-01-19	91%
2025-03-18	81%
2025-04-24	85%
2025-05-01	86%
2025-05-04	85%
2025-05-16	86%
2025-06-16	87%
2025-08-04	81%
2025-09-29	85%
2025-11-18	84%
2025-11-21	85%

CVE-2006-4542 : Detail