Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2005-0116HistoryJan 18, 2005 - 5:00 a.m.
CVE-2005-0116
2005-01-1805:00:00
Debian Security Bug Tracker
security-tracker.debian.org
11
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.972 High
EPSS
Percentile
99.8%
AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | awstats | < 6.2-1.1 | awstats_6.2-1.1_all.deb |
| Debian | 11 | all | awstats | < 6.2-1.1 | awstats_6.2-1.1_all.deb |
| Debian | 10 | all | awstats | < 6.2-1.1 | awstats_6.2-1.1_all.deb |
| Debian | 999 | all | awstats | < 6.2-1.1 | awstats_6.2-1.1_all.deb |
| Debian | 13 | all | awstats | < 6.2-1.1 | awstats_6.2-1.1_all.deb |
Related
packetstorm
packetstorm
AWStats configdir Remote Command Execution
2009-10-30 00:00:00
nessus
nessus
AWStats awstats.pl configdir Parameter Arbitrary Command Execution
2005-01-18 00:00:00
FreeBSD : awstats -- remote command execution vulnerability (0f5a2b4d-694b-11d9-a9e7-0001020eed82)
2005-07-13 00:00:00
GLSA-200501-36 : AWStats: Remote code execution
2005-02-14 00:00:00
saint
saint
AWStats configdir parameter command execution
2006-02-14 00:00:00
AWStats configdir parameter command execution
2006-02-14 00:00:00
AWStats configdir parameter command execution
2006-02-14 00:00:00
ubuntucve
ubuntucve
CVE-2005-0116
2005-01-18 00:00:00
cve
cve
CVE-2005-0116
2005-01-18 05:00:00
openvas
openvas
FreeBSD Ports: awstats
2008-09-04 00:00:00
AWStats 'configdir' Parameter Arbitrary Command Execution Vulnerability
2005-11-03 00:00:00
FreeBSD Ports: awstats
2008-09-04 00:00:00
checkpoint_advisories
checkpoint_advisories
cert
cert
AWStats fails to properly filter user-supplied input
2005-02-10 00:00:00
freebsd
freebsd
awstats -- remote command execution vulnerability
2004-10-21 00:00:00
osv
osv
awstats - missing input sanitising
2005-02-15 00:00:00
debian
debian
[SECURITY] [DSA 682-1] New awstats packages fix arbitrary command execution
2005-02-15 07:24:38
[SECURITY] [DSA 682-1] New awstats packages fix arbitrary command execution
2005-02-15 07:24:38
gentoo
gentoo
AWStats: Remote code execution
2005-01-25 00:00:00
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.972 High
EPSS
Percentile
99.8%
Related for DEBIANCVE:CVE-2005-0116