List: oss-security
Subject: Re: [oss-security] Path traversal flaws in awstats 7.6 and earlier.
From: John Lightsey <jd () cpanel ! net>
Date: 2017-12-29 21:48:56
Message-ID: a1b5f72d-2e4b-74de-353e-db94970a1535 () cpanel ! net
On 12/27/17 9:21 AM, John Lightsey wrote:
> Hi there,
>
> The cPanel Security Team discovered two path traversal flaws in awstats
> that could be leveraged for unauthenticated remote code execution. Both
> issues have been submitted to the DWF CVE request page at
> https://iwantacve.org/.
>
>
> Path traversal in the awstats.pl "config" parameter:
>
> https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899
>
>
> Path traversal in the awstats.pl "migrate" parameter:
>
> https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651
>
These issues were assigned CVE-2017-1000501.