
Test ID: 1.3.6.1.4.1.25623.1.0.52186
Category: FreeBSD Local Security Checks
Title: FreeBSD Ports: awstats
Summary: The remote host is missing an update to the system, as announced in the referenced advisory.
Description:
Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: awstats

CVE-2005-0362
awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary
commands via shell metacharacters in the (1) 'pluginmode', (2)
'loadplugin', or (3) 'noloadplugin' parameters.

CVE-2005-0363
awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to execute
arbitrary commands via shell metacharacters in the config parameter.

CVE-2005-0435
awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read
server web logs by setting the loadplugin and pluginmode parameters to
rawlog.

CVE-2005-0436
Direct code injection vulnerability in awstats.pl in AWStats 6.3 and
6.4 allows remote attackers to execute portions of Perl code via the
PluginMode parameter.

CVE-2005-0437
Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4
allows remote attackers to include arbitrary Perl modules via .. (dot
dot) sequences in the loadplugin parameter.

CVE-2005-0438
awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain
sensitive information by setting the debug parameter.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2005-0362
http://www.osvdb.org/16089
Common Vulnerability Exposure (CVE) ID: CVE-2005-0363
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=294488
Debian Security Information: DSA-682
http://www.debian.org/security/2005/dsa-682
Common Vulnerability Exposure (CVE) ID: CVE-2005-0435
Bugtraq: 20050214 AWStats <= 6.4 Multiple vulnerabilities
http://www.securityfocus.com/archive/1/390368
http://secunia.com/advisories/14299
XForce ISS Database: awstats-awstatpl-obtain-information(19333)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19333
Common Vulnerability Exposure (CVE) ID: CVE-2005-0436
http://www.osvdb.org/13832
XForce ISS Database: awstats-function-code-execution(19336)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19336
Common Vulnerability Exposure (CVE) ID: CVE-2005-0437
Common Vulnerability Exposure (CVE) ID: CVE-2005-0438
XForce ISS Database: awstats-information-disclosure(19477)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19477
Copyright: Copyright (C) 2008 E-Soft Inc.





© 1998-2025 E-Soft Inc. All rights reserved.