6 matches found
FreeBSD : www/awstats -- Partial absolute pathname (bba3f684-9b1d-11ed-9a3f-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the bba3f684-9b1d-11ed-9a3f-b42e991fc52e advisory. - In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the...
USN-4953-1 awstats vulnerabilities
Sean Boran discovered that AWStats incorrectly filtered certain parameters. A remote attacker could possibly use this issue to execute arbitrary code. CVE-2020-29600 It was discovered that AWStats incorrectly filtered certain parameters. A remote attacker could possibly use this issue to access...
Fedora 33 : awstats (2020-4cba5f2846)
Security fix for CVE-2020-35176 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network...
Fedora: Security Advisory for awstats (FEDORA-2020-4cba5f2846)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2020-35176
AWStats vulnerability CVE-2020-35176 affects AWStats up to version 7.8, where cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting /etc), enabling directory traversal and potential filesystem access. Root cause cited as an incomplete fix for CVE-2017-1000501 and CVE-2020-29600...
CVE-2020-35176
In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the initial /etc, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600...