CVE-2006-2237
5.1 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
7.5 High
AI Score
Confidence
Low
0.955 High
EPSS
Percentile
99.4%
The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.
Affected configurations
References
awstats.sourceforge.net/awstats_security_news.php
secunia.com/advisories/19969
secunia.com/advisories/20170
secunia.com/advisories/20186
secunia.com/advisories/20496
secunia.com/advisories/20710
security.gentoo.org/glsa/glsa-200606-06.xml
www.debian.org/security/2006/dsa-1058
www.novell.com/linux/security/advisories/2006_33_awstats.html
www.osreviews.net/reviews/comm/awstats
www.osvdb.org/25284
www.securityfocus.com/bid/17844
www.vupen.com/english/advisories/2006/1678
www.vuxml.org/freebsd/2df297a2-dc74-11da-a22b-000c6ec775d9.html
exchange.xforce.ibmcloud.com/vulnerabilities/26287
usn.ubuntu.com/285-1/
Related
5.1 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
7.5 High
AI Score
Confidence
Low
0.955 High
EPSS
Percentile
99.4%