AWStats Multiple Unspecified Remote Input Validation Vulnerabilities
BID:12270
Info
AWStats Multiple Unspecified Remote Input Validation Vulnerabilities
| Bugtraq ID: | 12270 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 15 2005 12:00AM |
| Updated: | Jan 15 2005 12:00AM |
| Credit: | iDEFENSE is credited with the discovery of one of these issues. The individual or individuals responsible for discovery of the other issue are currently unknown. The vendor reported these issues. |
| Vulnerable: |
AWStats AWStats 6.2 AWStats AWStats 6.1 AWStats AWStats 6.0 AWStats AWStats 5.9 AWStats AWStats 5.8 AWStats AWStats 5.7 AWStats AWStats 5.6 AWStats AWStats 5.5 AWStats AWStats 5.4 AWStats AWStats 5.3 AWStats AWStats 5.2 AWStats AWStats 5.1 AWStats AWStats 5.0 |
| Not Vulnerable: |
AWStats AWStats 6.3 |
Discussion
AWStats Multiple Unspecified Remote Input Validation Vulnerabilities
Multiple unspecified remote input validation vulnerabilities affect AWStats. These issues are due to a failure of the application to perform proper validation on user-supplied input prior to using it to carry out some critical function.
Although unconfirmed an attacker may leverage these issues to execute commands and disclose sensitive information with the privileges of the underlying Web server.
Multiple unspecified remote input validation vulnerabilities affect AWStats. These issues are due to a failure of the application to perform proper validation on user-supplied input prior to using it to carry out some critical function.
Although unconfirmed an attacker may leverage these issues to execute commands and disclose sensitive information with the privileges of the underlying Web server.
Exploit / POC
AWStats Multiple Unspecified Remote Input Validation Vulnerabilities
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
AWStats Multiple Unspecified Remote Input Validation Vulnerabilities
Solution:
The vendor has released an upgrade dealing with this issue.
AWStats AWStats 5.0
AWStats AWStats 5.1
AWStats AWStats 5.2
AWStats AWStats 5.3
AWStats AWStats 5.4
AWStats AWStats 5.5
AWStats AWStats 5.6
AWStats AWStats 5.7
AWStats AWStats 5.8
AWStats AWStats 5.9
AWStats AWStats 6.0
AWStats AWStats 6.1
AWStats AWStats 6.2
Solution:
The vendor has released an upgrade dealing with this issue.
AWStats AWStats 5.0
-
AWStats AWStats 6.3
http://awstats.sourceforge.net/files/awstats-6.3.tgz
AWStats AWStats 5.1
-
AWStats AWStats 6.3
http://awstats.sourceforge.net/files/awstats-6.3.tgz
AWStats AWStats 5.2
-
AWStats AWStats 6.3
http://awstats.sourceforge.net/files/awstats-6.3.tgz
AWStats AWStats 5.3
-
AWStats AWStats 6.3
http://awstats.sourceforge.net/files/awstats-6.3.tgz
AWStats AWStats 5.4
-
AWStats AWStats 6.3
http://awstats.sourceforge.net/files/awstats-6.3.tgz
AWStats AWStats 5.5
-
AWStats AWStats 6.3
http://awstats.sourceforge.net/files/awstats-6.3.tgz
AWStats AWStats 5.6
-
AWStats AWStats 6.3
http://awstats.sourceforge.net/files/awstats-6.3.tgz
AWStats AWStats 5.7
-
AWStats AWStats 6.3
http://awstats.sourceforge.net/files/awstats-6.3.tgz
AWStats AWStats 5.8
-
AWStats AWStats 6.3
http://awstats.sourceforge.net/files/awstats-6.3.tgz
AWStats AWStats 5.9
-
AWStats AWStats 6.3
http://awstats.sourceforge.net/files/awstats-6.3.tgz
AWStats AWStats 6.0
-
AWStats AWStats 6.3
http://awstats.sourceforge.net/files/awstats-6.3.tgz
AWStats AWStats 6.1
-
AWStats AWStats 6.3
http://awstats.sourceforge.net/files/awstats-6.3.tgz
AWStats AWStats 6.2
-
AWStats AWStats 6.3
http://awstats.sourceforge.net/files/awstats-6.3.tgz
References
AWStats Multiple Unspecified Remote Input Validation Vulnerabilities
References:
References:
- AWStats Change Log (AWStats)
- AWStats Homepage (AWStats)
- AWStats Remote Command Execution Vulnerability (iDEFENSE)