Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2237

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2006-2237
Last Modified 07 Mar 2011 09:35:35
Published 08 May 2006 07:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-2237

Summary

The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.

Vulnerable Systems

Application

  • Awstats 6.4

  • Awstats 6.5


References

OSVDB - 25284

SECUNIA - 19969

MISC - http://www.vuxml.org/freebsd/2df297a2-dc74-11da-a22b-000c6ec775d9.html

VUPEN - ADV-2006-1678

BID - 17844

MISC - http://www.osreviews.net/reviews/comm/awstats

CONFIRM - http://awstats.sourceforge.net/awstats_security_news.php

XF - awstats-migrate-command-execution(26287)

UBUNTU - USN-285-1

SUSE - SUSE-SA:2006:033

DEBIAN - DSA-1058

GENTOO - GLSA-200606-06

SECUNIA - 20710

SECUNIA - 20496

SECUNIA - 20186

SECUNIA - 20170


Last Updated: 27 May 2016 10:42:23