14 matches found
EUVD-2020-21961
Malware in sbrugna...
EUVD-2020-22864
Malware in sbrugna...
Mageia: Security Advisory (MGASA-2018-0045)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Vulnerabilities fixed in AWStats
Vulnerabilities have been fixed in AWStats. An unauthenticated malicious party could exploit the vulnerabilities to perform a path traversal attack that could gain access to arbitrary files. In doing so, the vulnerabilities can only exploited only to read key/value pairs that can be parsed by...
Arbitrary File Read
AWStats is vulnerable to arbitrary file read. cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the initial /etc, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-100050...
Format string
In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the initial /etc, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600...
CVE-2020-35176
In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the initial /etc, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600...
Debian DSA-4092-1 : awstats - security update
The cPanel Security Team discovered that awstats, a log file analyzer, was vulnerable to path traversal attacks. A remote unauthenticated attacker could leverage that to perform arbitrary code execution. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
Fedora 26 : awstats (2018-17ba1a2393)
Security fix for CVE-2017-1000501 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...
Fedora 27 : awstats (2018-7edfa0cfbf)
Security fix for CVE-2017-1000501 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...
[SECURITY] [DLA 1238-1] awstats security update
Package : awstats Version : 7.0dfsg-7+deb7u1 CVE ID : CVE-2017-1000501 Debian Bug : 885835 Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution. For Debian 7 "Wheezy", the...
FreeBSD : awstats -- remote code execution (4055aee5-f4c6-11e7-95f2-005056925db4)
Mitre reports : Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the 'config' and 'migrate' parameters resulting in unauthenticated remote code execution. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracte...
CVE-2017-1000501
AWStats is affected by a path-traversal vulnerability in cgi-bin/awstats.pl?config= (and related migrate/config handling) that can disclose or modify files due to improper handling of absolute/partial paths. The issue is described as affecting AWStats 7.7 and earlier, with an incomplete fix in CV...
CVE-2017-1000501
Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution...