Date: Fri, 29 Dec 2017 15:48:56 -0600
From: John Lightsey <jd@...nel.net>
To: oss-security@...ts.openwall.com
Subject: Re: Path traversal flaws in awstats 7.6 and earlier.

On 12/27/17 9:21 AM, John Lightsey wrote:
> Hi there,
>
> The cPanel Security Team discovered two path traversal flaws in awstats
> that could be leveraged for unauthenticated remote code execution. Both
> issues have been submitted to the DWF CVE request page at
> https://iwantacve.org/.
>
> Path traversal in the awstats.pl "config" parameter:
>
> https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899
>
> Path traversal in the awstats.pl "migrate" parameter:
>
> https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651
>

These issues were assigned CVE-2017-1000501

Download attachment "smime.p7s" of type "application/pkcs7-signature" (3982 bytes)
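Added example, not part of the original message and not awstats code: a log check that flags awstats.pl requests whose "config" or "migrate" query parameter carries a directory component. It assumes combined-format access logs and that legitimate values for these parameters are plain names without path separators; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Parameters named in the advisory as the path traversal entry points.
WATCHED_PARAMS = {"config", "migrate"}
# Assumption: a legitimate value has no directory component, so "..",
# a path separator or a NUL byte in the decoded value is worth a look.
SUSPICIOUS = re.compile(r"\.\.|[/\\]|\x00")
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %252F -> %2F -> /)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return [(param, decoded_value)] for one access-log line."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith("awstats.pl"):
        return []
    hits = []
    # Only the query string is visible in an access log; POST bodies are not.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        value = fully_decode(value)
        if name.lower() in WATCHED_PARAMS and SUSPICIOUS.search(value):
            hits.append((name.lower(), value))
    return hits

def scan(lines):
    """Return [(line_number, param, value)] over an iterable of log lines."""
    return [(n, p, v) for n, line in enumerate(lines, 1)
            for p, v in suspicious_params(line)]

# Constructed sample lines (documentation IP range, placeholder paths).
SAMPLE_LOG = [
    '203.0.113.5 - - [29/Dec/2017:15:00:01 -0600] "GET /cgi-bin/awstats.pl?config=www.example.com HTTP/1.1" 200 5120',
    '203.0.113.9 - - [29/Dec/2017:15:00:07 -0600] "GET /cgi-bin/awstats.pl?config=..%2F..%2Ftmp%2Fexample HTTP/1.1" 200 312',
    '203.0.113.9 - - [29/Dec/2017:15:00:09 -0600] "GET /cgi-bin/awstats.pl?config=www.example.com&migrate=%252Ftmp%252Fexample.txt HTTP/1.1" 200 298',
    '203.0.113.7 - - [29/Dec/2017:15:00:12 -0600] "GET /index.html?config=../x HTTP/1.1" 404 162',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit is a lead for review, not proof of compromise; installations that still run awstats 7.6 or earlier should apply the two commits linked above.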