Lucene search

CVE-2020-35176

🗓️ 12 Dec 2020 00:12:15Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 10 Media mentions👁 128 Views🌐 WEB

AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathnam

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 74
Veracode	Arbitrary File Read	23 Dec 202021:54	–	veracode
Veracode	Remote Code Execution	10 May 202023:23	–	veracode
Veracode	Remote Code Execution	13 Dec 202004:24	–	veracode
Ubuntu	AWStats vulnerabilities	13 May 202100:00	–	ubuntu
Ubuntu	AWStats vulnerability	8 Jan 201800:00	–	ubuntu
OSV	CVE-2020-35176	12 Dec 202000:15	–	osv
OSV	awstats vulnerabilities	13 May 202117:12	–	osv
OSV	awstats - security update	23 Dec 202000:00	–	osv
OSV	CVE-2020-29600	7 Dec 202020:15	–	osv
OSV	CVE-2017-1000501	3 Jan 201815:29	–	osv

Nvd

Node

awstats awstatsRange≤7.8

Node

debian debian_linuxMatch9.0

Node

fedoraproject fedoraMatch32

fedoraproject fedoraMatch33

Source	Link
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRHYCKLW5VPM6KP2WZW6DCCVHVBG7YCW/
lists	www.lists.debian.org/debian-lts-announce/2020/12/msg00035.html
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/47QZWKSRZYZFESYTLSW7A6KVKOOPL7IV/
github	www.github.com/eldy/awstats/issues/195

Parameter	Position	Path	Description	CWE
config	query param	cgi-bin/awstats.pl	AWStats allows for partial pathname bypass in the config parameter, leading to potential exposure of sensitive files.	CWE-22

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

12 Dec 2020 00:15Current

6.8Medium risk

Vulners AI Score6.8

CVSS25

CVSS35.3

EPSS0.06216

CWE-22