Description
In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.

| Release | Status | Note |
|---|---|---|
| bionic | released | 7.6+dfsg-2ubuntu0.18.04.1 |
| devel | not-affected | 7.8 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | released | 7.6+dfsg-2ubuntu0.18.04.1 |
| esm-infra/focal | released | 7.6+dfsg-2ubuntu0.20.04.1 |
| esm-infra/xenial | released | 7.4+dfsg-1ubuntu0.4+esm1 |
| focal | released | 7.6+dfsg-2ubuntu0.20.04.1 |
| groovy | released | 7.6+dfsg-2ubuntu0.20.10.1 |
| hirsute | not-affected | 7.8 |
| impish | not-affected | 7.8 |
EPSS
CVSS2: 5 Medium
CVSS3: 5.3 Medium