Date: Fri, 29 Dec 2017 15:48:56 -0600
From: John Lightsey <jd@...nel.net>
To: oss-security@...ts.openwall.com
Subject: Re: Path traversal flaws in awstats 7.6 and earlier.

On 12/27/17 9:21 AM, John Lightsey wrote:
> Hi there,
> 
> The cPanel Security Team discovered two path traversal flaws in awstats
> that could be leveraged for unauthenticated remote code execution. Both
> issues have been submitted to the DWF CVE request page at
> https://iwantacve.org/.
> 
> 
> Path traversal in the awstats.pl "config" parameter:
> 
> https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899
> 
> 
> Path traversal in the awstats.pl "migrate" parameter:
> 
> https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651
> 

These issues were assigned CVE-2017-1000501.


Download attachment "smime.p7s" of type "application/pkcs7-signature" (3982 bytes)
