Summary
AWStats is prone to an unspecified directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.
The impact of this issue is currently unknown. We will update this BID when more information emerges.
Versions prior to AWStats 7.0 are vulnerable.
Solution
Updates are available. Please see the references for more information.
References
Severity
Classification
-
CVE CVE-2010-4369 -
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N
Related Vulnerabilities
- Aardvark Topsites PHP 'index.php' Multiple Cross Site Scripting Vulnerabilities
- Apache CouchDB Cross Site Request Forgery Vulnerability
- Apache Tomcat NIO Connector Denial of Service Vulnerability
- Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
- Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability