5.1

CVE-2006-2237

The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AwstatsAwstats Version6.4
AwstatsAwstats Version6.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 58.36% 0.99
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.1 4.9 6.4
AV:N/AC:H/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/20496
http://security.gentoo.org/glsa/glsa-200606-06.xml
http://awstats.sourceforge.net/awstats_security_news.php
http://secunia.com/advisories/19969
Patch
Vendor Advisory
http://secunia.com/advisories/20170
http://secunia.com/advisories/20186
http://secunia.com/advisories/20710
http://www.debian.org/security/2006/dsa-1058
http://www.novell.com/linux/security/advisories/2006_33_awstats.html
http://www.osreviews.net/reviews/comm/awstats
http://www.osvdb.org/25284
Patch
http://www.securityfocus.com/bid/17844
http://www.vupen.com/english/advisories/2006/1678
http://www.vuxml.org/freebsd/2df297a2-dc74-11da-a22b-000c6ec775d9.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/26287
https://usn.ubuntu.com/285-1/