Fedora Local Security Checks : Fedora Core 8 FEDORA-2008-10938 (awstats)

Preis/Funktionszusammenfassung | Bestellen | Neue Anfälligkeiten | Vertraulichkeit | Anfälligkeiten Suche

Anfälligkeitssuche		Suche in 61204 CVE Beschreibungen und 32582 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.62831

Kategorie: Fedora Local Security Checks

Titel: Fedora Core 8 FEDORA-2008-10938 (awstats)

Zusammenfassung: Fedora Core 8 FEDORA-2008-10938 (awstats)

Beschreibung:
The remote host is missing an update to awstats
announced via advisory FEDORA-2008-10938.

Advanced Web Statistics is a powerful and featureful tool that generates
advanced web server graphic statistics. This server log analyzer works
from command line or as a CGI and shows you all information your log contains,
in graphical web pages. It can analyze a lot of web/wap/proxy servers like
Apache, IIS, Weblogic, Webstar, Squid, ... but also mail or ftp servers.

This program can measure visits, unique vistors, authenticated users, pages,
domains/countries, OS busiest times, robot visits, type of files, search
engines/keywords used, visits duration, HTTP errors and more...
Statistics can be updated from a browser or your scheduler.
The program also supports virtual servers, plugins and a lot of features.

With the default configuration, the statistics are available:
http://localhost/awstats/awstats.pl

Update Information:

Use Debian's patch for CVE-2008-3714 (rh#474396)
ChangeLog:

* Sat Dec 6 2008 Aurelien Bompard 6.8-3
- Use Debian's patch for CVE-2008-3714 (rh#474396)
* Sat Aug 23 2008 Aurelien Bompard 6.8-2
- Add upstream patch for CVE-2008-3714
* Mon Jul 21 2008 Aurelien Bompard 6.8-1
- version 6.8
* Fri Mar 14 2008 Aurelien Bompard 6.7-3
- SELinux policy is included upstream
- Fix cron job (bug 435101)
* Sun Dec 2 2007 Aurelien Bompard 6.7-2
- awstats does not actually require httpd (bug 406901)
References:

[ 1 ] Bug #474396 - CVE-2008-5080 awstats: incomplete fix for CVE-2008-3714 XSS issue
https://bugzilla.redhat.com/show_bug.cgi?id=474396

Solution: Apply the appropriate updates.

This update can be installed with the yum update program. Use
su -c 'yum update awstats' at the command line.
For more information, refer to Managing Software with yum,
available at http://docs.fedoraproject.org/yum/.

http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2008-10938

Risk factor : Medium

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2008-3714
Debian Security Information: DSA-1679 (Google Search)
http://www.debian.org/security/2008/dsa-1679
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00107.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00355.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:203
http://www.ubuntu.com/usn/usn-686-1
BugTraq ID: 30730
http://www.securityfocus.com/bid/30730
http://secunia.com/advisories/33002
http://www.vupen.com/english/advisories/2008/2399
http://www.securitytracker.com/id?1020704
http://secunia.com/advisories/31519
http://secunia.com/advisories/31759
http://secunia.com/advisories/32939
XForce ISS Database: awstats-awstats-xss(44504)
http://xforce.iss.net/xforce/xfdb/44504
Common Vulnerability Exposure (CVE) ID: CVE-2008-5080
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432#21
XForce ISS Database: awstats-querystring-xss(47116)
http://xforce.iss.net/xforce/xfdb/47116

Copyright Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 32582 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Registrierung eines neuen Benutzers
Email:

Benutzerkennung:

Passwort:

Bitte schicken Sie mir den monatlichen Newsletter, der mich über die neuesten Services, Verbesserungen und Umfragen informiert.

Bitte schicken Sie mir eine Anfälligkeitstest Benachrichtigung, wenn ein neuer Test hinzugefügt wird.

Datenschutz

Anmeldung für registrierte Benutzer

Benutzerkennung:

Passwort:

Benutzerkennung oder Passwort vergessen?

Email/Benutzerkennung:

Test Kennung:	1.3.6.1.4.1.25623.1.0.62831
Kategorie:	Fedora Local Security Checks
Titel:	Fedora Core 8 FEDORA-2008-10938 (awstats)
Zusammenfassung:	Fedora Core 8 FEDORA-2008-10938 (awstats)
Beschreibung:	The remote host is missing an update to awstats announced via advisory FEDORA-2008-10938. Advanced Web Statistics is a powerful and featureful tool that generates advanced web server graphic statistics. This server log analyzer works from command line or as a CGI and shows you all information your log contains, in graphical web pages. It can analyze a lot of web/wap/proxy servers like Apache, IIS, Weblogic, Webstar, Squid, ... but also mail or ftp servers. This program can measure visits, unique vistors, authenticated users, pages, domains/countries, OS busiest times, robot visits, type of files, search engines/keywords used, visits duration, HTTP errors and more... Statistics can be updated from a browser or your scheduler. The program also supports virtual servers, plugins and a lot of features. With the default configuration, the statistics are available: http://localhost/awstats/awstats.pl Update Information: Use Debian's patch for CVE-2008-3714 (rh#474396) ChangeLog: * Sat Dec 6 2008 Aurelien Bompard 6.8-3 - Use Debian's patch for CVE-2008-3714 (rh#474396) * Sat Aug 23 2008 Aurelien Bompard 6.8-2 - Add upstream patch for CVE-2008-3714 * Mon Jul 21 2008 Aurelien Bompard 6.8-1 - version 6.8 * Fri Mar 14 2008 Aurelien Bompard 6.7-3 - SELinux policy is included upstream - Fix cron job (bug 435101) * Sun Dec 2 2007 Aurelien Bompard 6.7-2 - awstats does not actually require httpd (bug 406901) References: [ 1 ] Bug #474396 - CVE-2008-5080 awstats: incomplete fix for CVE-2008-3714 XSS issue https://bugzilla.redhat.com/show_bug.cgi?id=474396 Solution: Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update awstats' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2008-10938 Risk factor : Medium
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2008-3714 Debian Security Information: DSA-1679 (Google Search) http://www.debian.org/security/2008/dsa-1679 https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00107.html https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00355.html http://www.mandriva.com/security/advisories?name=MDVSA-2008:203 http://www.ubuntu.com/usn/usn-686-1 BugTraq ID: 30730 http://www.securityfocus.com/bid/30730 http://secunia.com/advisories/33002 http://www.vupen.com/english/advisories/2008/2399 http://www.securitytracker.com/id?1020704 http://secunia.com/advisories/31519 http://secunia.com/advisories/31759 http://secunia.com/advisories/32939 XForce ISS Database: awstats-awstats-xss(44504) http://xforce.iss.net/xforce/xfdb/44504 Common Vulnerability Exposure (CVE) ID: CVE-2008-5080 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432#21 XForce ISS Database: awstats-querystring-xss(47116) http://xforce.iss.net/xforce/xfdb/47116
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com