Summary
The remote host is missing an update to awstats
announced via advisory DSA 1058-1.
Hendrik Weimer discovered that specially crafted web requests can cause awstats, a powerful and featureful web server log analyzer, to execute arbitrary commands.
The old stable distribution (woody) is not affected by this problem.
Solution
For the stable distribution (sarge) this problem has been fixed in version 6.4-1sarge2.
For the unstable distribution (sid) this problem has been fixed in version 6.5-2.
We recommend that you upgrade your awstats package.
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201058-1
Severity
Classification
-
CVE CVE-2006-2237 -
CVSS Base Score: 5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P
Related Vulnerabilities