Lucene search

K
saintSAINT CorporationSAINT:9061722C309E058F93AE414383240858
HistoryMay 11, 2006 - 12:00 a.m.

AWStats migrate parameter command injection

2006-05-1100:00:00
SAINT Corporation
www.saintcorporation.com
15

0.955 High

EPSS

Percentile

99.4%

Added: 05/11/2006
CVE: CVE-2006-2237
BID: 17844
OSVDB: 25284

Background

AWStats is a web application for showing web, FTP, and mail server statistics.

Problem

AWStats uses the value of the **migrate** input parameter in a PERL open call without sufficient checks for invalid characters, allowing remote command execution.

Resolution

Upgrade to AWStats 6.6 or higher, or disable the **AllowToUpdateStatsFromBrowser** option in the AWStats configuration file.

References

<http://secunia.com/advisories/19969&gt;

0.955 High

EPSS

Percentile

99.4%