Description
Two vulnerabilities have been identified in AWStats, which could be exploited by remote attackers to gain knowledge of sensitive information or compromise a vulnerable web server.
The first issue is caused by an input validation error when specifying a configuration file directory on Windows, which could be exploited by attackers to inject and execute arbitrary code by loading a malicious configuration file from an SMB share.
The second vulnerability is caused by an input validation error related to LoadPlugin, which could allow directory traversal attacks.
Vulnerable Products
Vulnerable Software: AWStats version 6.95 and prior
Solution
Upgrade to AWStats version 7.0.
CVE
CVE-2010-4369
CVE-2010-4368
CVE-2010-4367
References
http://awstats.sourceforge.net/docs/awstats_changelog.txt
http://www.kb.cert.org/vuls/id/870532
Vulnerability Manager Detection
No
IPS Protection