Apache Stats Extract Function Multiple Input Validation Vulnerabilities

Bugtraq ID:	22388
Class:	Input Validation Error
CVE:	CVE-2007-0930
Remote:	Yes
Local:	No
Published:	Feb 12 2007 12:00AM
Updated:	May 12 2015 07:34PM
Credit:	The vendor disclosed these issues.
Vulnerable:	Apache Apache Stats 0.0.2 beta Apache Apache Stats 0.0.1 beta
Not Vulnerable:	Apache Apache Stats 0.0.3 beta

Apache Stats Extract Function Multiple Input Validation Vulnerabilities

Apache Stats is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issue could allow an attacker to compromise the application, execute arbitrary code in the context of the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Versions prior to 0.0.3 are vulnerable.

Apache Stats Extract Function Multiple Input Validation Vulnerabilities

An attacker can exploit these issues via a web client.

Apache Stats Extract Function Multiple Input Validation Vulnerabilities

Solution:
The vendor has released version 0.0.3 beta to address these issues. Please see the references for more information.


Apache Stats Apache Stats 0.0.2 beta

• Apache Stats Apache Stats 0.0.3 beta
  http://sourceforge.net/project/showfiles.php?group_id=186822&package_i d=217973&release_id=483466

Apache Stats Extract Function Multiple Input Validation Vulnerabilities

References:

• apacheStats v0.0.3 Beta Released (Apache Stats)
  
• Vendor Homepage (Apache Stats)