 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.62831 |
| Category: | Fedora Local Security Checks |
| Title: | Fedora Core 8 FEDORA-2008-10938 (awstats) |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is missing an update to awstats announced via advisory FEDORA-2008-10938. Advanced Web Statistics is a powerful and featureful tool that generates advanced web server graphic statistics. This server log analyzer works from command line or as a CGI and shows you all information your log contains, in graphical web pages. It can analyze a lot of web/wap/proxy servers like Apache, IIS, Weblogic, Webstar, Squid, ... but also mail or ftp servers. This program can measure visits, unique vistors, authenticated users, pages, domains/countries, OS busiest times, robot visits, type of files, search engines/keywords used, visits duration, HTTP errors and more... Statistics can be updated from a browser or your scheduler. The program also supports virtual servers, plugins and a lot of features. With the default configuration, the statistics are available: http://localhost/awstats/awstats.pl Update Information: Use Debian's patch for CVE-2008-3714 (rh#474396) ChangeLog: * Sat Dec 6 2008 Aurelien Bompard 6.8-3 - Use Debian's patch for CVE-2008-3714 (rh#474396) * Sat Aug 23 2008 Aurelien Bompard 6.8-2 - Add upstream patch for CVE-2008-3714 * Mon Jul 21 2008 Aurelien Bompard 6.8-1 - version 6.8 * Fri Mar 14 2008 Aurelien Bompard 6.7-3 - SELinux policy is included upstream - Fix cron job (bug 435101) * Sun Dec 2 2007 Aurelien Bompard 6.7-2 - awstats does not actually require httpd (bug 406901) References: [ 1 ] Bug #474396 - CVE-2008-5080 awstats: incomplete fix for CVE-2008-3714 XSS issue https://bugzilla.redhat.com/show_bug.cgi?id=474396 Solution: Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update awstats' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2008-10938 Risk factor : Medium CVSS Score: 4.3 |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2008-3714 BugTraq ID: 30730 http://www.securityfocus.com/bid/30730 Debian Security Information: DSA-1679 (Google Search) http://www.debian.org/security/2008/dsa-1679 https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00107.html https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00355.html http://www.mandriva.com/security/advisories?name=MDVSA-2008:203 http://www.securitytracker.com/id?1020704 http://secunia.com/advisories/31519 http://secunia.com/advisories/31759 http://secunia.com/advisories/32939 http://secunia.com/advisories/33002 http://www.ubuntu.com/usn/usn-686-1 http://www.vupen.com/english/advisories/2008/2399 XForce ISS Database: awstats-awstats-xss(44504) https://exchange.xforce.ibmcloud.com/vulnerabilities/44504 Common Vulnerability Exposure (CVE) ID: CVE-2008-5080 33002 USN-686-1 awstats-querystring-xss(47116) https://exchange.xforce.ibmcloud.com/vulnerabilities/47116 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432#21 https://bugzilla.redhat.com/show_bug.cgi?id=474396 |
| Copyright | Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |