Lucene search

K
ubuntuUbuntuUSN-1047-1
HistoryJan 24, 2011 - 12:00 a.m.

AWStats vulnerability

2011-01-2400:00:00
ubuntu.com
47

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

6.5

Confidence

Low

EPSS

0.005

Percentile

76.8%

Releases

  • Ubuntu 10.10
  • Ubuntu 10.04
  • Ubuntu 9.10
  • Ubuntu 8.04
  • Ubuntu 6.06

Packages

  • awstats -

Details

It was discovered that AWStats did not correctly filter the LoadPlugin
configuration option. A local attacker on a shared system could use this
to inject arbitrary code into AWStats.

OSVersionArchitecturePackageVersionFilename
Ubuntu9.10noarchawstats< 6.9~dfsg-1ubuntu3.9.10.1UNKNOWN
Ubuntu8.04noarchawstats< 6.7.dfsg-1ubuntu0.2UNKNOWN
Ubuntu6.06noarchawstats< 6.5-1ubuntu1.4UNKNOWN
Ubuntu10.10noarchawstats< 6.9.5~dfsg-3ubuntu0.1UNKNOWN
Ubuntu10.04noarchawstats< 6.9~dfsg-1ubuntu3.10.04.1UNKNOWN

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

6.5

Confidence

Low

EPSS

0.005

Percentile

76.8%