
List:       oss-security
Subject:    Re: [oss-security] Path traversal flaws in awstats 7.6 and earlier.
From:       John Lightsey <jd () cpanel ! net>
Date:       2017-12-29 21:48:56
Message-ID: a1b5f72d-2e4b-74de-353e-db94970a1535 () cpanel ! net


On 12/27/17 9:21 AM, John Lightsey wrote:
> Hi there,
> 
> The cPanel Security Team discovered two path traversal flaws in awstats
> that could be leveraged for unauthenticated remote code execution. Both
> issues have been submitted to the DWF CVE request page at
> https://iwantacve.org/.
> 
> 
> Path traversal in the awstats.pl "config" parameter:
> 
> https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899
> 
> 
> Path traversal in the awstats.pl "migrate" parameter:
> 
> https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651
> 

These issues were assigned CVE-2017-1000501.

