Description
In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501.
| Release | Status | Note |
|---|---|---|
| bionic | released | 7.6+dfsg-2ubuntu0.18.04.1 |
| devel | not-affected | 7.8-1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | released | 7.6+dfsg-2ubuntu0.18.04.1 |
| esm-infra/focal | released | 7.6+dfsg-2ubuntu0.20.04.1 |
| esm-infra/xenial | released | 7.4+dfsg-1ubuntu0.4+esm1 |
| focal | released | 7.6+dfsg-2ubuntu0.20.04.1 |
| groovy | released | 7.6+dfsg-2ubuntu0.20.10.1 |
| hirsute | not-affected | 7.8-1 |
| impish | not-affected | 7.8-1 |
CVSS2: 7.5 High
CVSS3: 9.8 Critical