Lucene search

K

[email protected]NVD:CVE-2006-2644

HistoryMay 30, 2006 - 10:02 a.m.

CVE-2006-2644

2006-05-3010:02:00

[email protected]

web.nvd.nist.gov

2

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

7.3 High

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.4%

AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive.

Affected configurations

NVD

Node

awstatsawstatsMatch6.4_1sarge1

OR

awstatsawstatsMatch6.5

OR

awstatsawstatsMatch6.5_1

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=365910

secunia.com/advisories/20164

secunia.com/advisories/20283

secunia.com/advisories/20502

secunia.com/advisories/20710

www.debian.org/security/2006/dsa-1075

www.novell.com/linux/security/advisories/2006_33_awstats.html

www.osreviews.net/reviews/comm/awstats

www.securityfocus.com/bid/18327

www.vupen.com/english/advisories/2006/1998

usn.ubuntu.com/290-1/

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

7.3 High

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.4%

Related for NVD:CVE-2006-2644

debiancve1 ubuntu1 ubuntucve1 openvas3 prion1 cve1 nessus4 cvelist1 suse1