Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2006-2237HistoryMay 08, 2006 - 11:02 p.m.
CVE-2006-2237
2006-05-0823:02:00
Debian Security Bug Tracker
security-tracker.debian.org
11
5.1 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.955 High
EPSS
Percentile
99.4%
The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | awstats | < 6.5-2 | awstats_6.5-2_all.deb |
| Debian | 11 | all | awstats | < 6.5-2 | awstats_6.5-2_all.deb |
| Debian | 10 | all | awstats | < 6.5-2 | awstats_6.5-2_all.deb |
| Debian | 999 | all | awstats | < 6.5-2 | awstats_6.5-2_all.deb |
| Debian | 13 | all | awstats | < 6.5-2 | awstats_6.5-2_all.deb |
Related
saint
saint
AWStats migrate parameter command injection
2006-05-11 00:00:00
AWStats migrate parameter command injection
2006-05-11 00:00:00
AWStats migrate parameter command injection
2006-05-11 00:00:00
openvas
openvas
Debian Security Advisory DSA 1058-1 (awstats)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-1058-1)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200606-06 (awstats)
2008-09-24 00:00:00
debian
debian
[SECURITY] [DSA 1058-1] New awstats packages fix arbitrary command execution
2006-05-18 16:28:08
[SECURITY] [DSA 1058-1] New awstats packages fix arbitrary command execution
2006-05-18 16:28:08
nessus
nessus
AWStats migrate Parameter Arbitrary Command Execution
2006-05-08 00:00:00
Ubuntu 5.04 / 5.10 : awstats vulnerability (USN-285-1)
2006-05-23 00:00:00
Debian DSA-1058-1 : awstats - missing input sanitising
2006-10-14 00:00:00
packetstorm
packetstorm
AWStats migrate Remote Command Execution
2009-10-30 00:00:00
ubuntu
ubuntu
awstats vulnerability
2006-05-23 00:00:00
nvd
nvd
CVE-2006-2237
2006-05-08 23:02:00
prion
prion
Code injection
2006-05-08 23:02:00
cve
cve
CVE-2006-2237
2006-05-08 23:02:00
cvelist
cvelist
CVE-2006-2237
2006-05-08 23:00:00
ubuntucve
ubuntucve
CVE-2006-2237
2006-05-08 00:00:00
osv
osv
awstats - missing input sanitising
2006-05-18 00:00:00
gentoo
gentoo
AWStats: Remote execution of arbitrary code
2006-06-07 00:00:00
suse
suse
remote code execution in awstats
2006-06-20 09:02:21
5.1 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.955 High
EPSS
Percentile
99.4%
Related for DEBIANCVE:CVE-2006-2237