Debian Security Advisory DSA 1679-1 (awstats) Network Vulnerability

Summary

The remote host is missing an update to awstats announced via advisory DSA 1679-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201679-1

Insight

Morgan Todd discovered a cross-site scripting vulnerability in awstats, a log file analyzer, involving the config request parameter (and possibly others CVE-2008-3714). For the stable distribution (etch), this problem has been fixed in version 6.5+dfsg-1+etch1. The unstable (sid) and testing (lenny) distribution will be fixed soon. We recommend that you upgrade your awstats package.

Severity

Classification

CVE CVE-2008-3714

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Debian Security Advisory DSA 1007-1 (drupal)
Debian Security Advisory DSA 1025-1 (dia)
Debian Security Advisory DSA 036-1 (mc)
Debian Security Advisory DSA 041-1 (joe)
Debian Security Advisory DSA 1058-1 (awstats)

Take action and discover your vulnerabilities