Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2005-1527
Last Modified 05 Sep 2008 04:49:24
Published 15 Aug 2005 12:00:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

Summary

Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call.

Vulnerable Systems

Operating System

  • Ubuntu Linux 5.04

Application

  • Awstats 5.0

  • Awstats 5.1

  • Awstats 5.2

  • Awstats 5.3

  • Awstats 5.4

  • Awstats 5.5

  • Awstats 5.6

  • Awstats 5.7

  • Awstats 5.8

  • Awstats 5.9

  • Awstats 6.0

  • Awstats 6.1

  • Awstats 6.2

  • Awstats 6.3


References

XF - awstats-eval-execute-commands(21769)

OSVDB - 18696

SECTRACK - 1014636

SECUNIA - 16412

UBUNTU - USN-167-1

BID - 14525

MISC - http://www.securiteam.com/unixfocus/5DP0J00GKE.html

SUSE - SUSE-SR:2005:019

IDEFENSE - 20050809 AWStats ShowInfoURL Remote Command Execution Vulnerability

DEBIAN - DSA-892

SECUNIA - 17463


Last Updated: 27 May 2016 10:40:12