Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2006-2237HistoryMay 08, 2006 - 11:02 p.m.
CVE-2006-2237
2006-05-0823:02:00
Debian Security Bug Tracker
security-tracker.debian.org
12
CVSS2
5.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
EPSS
0.955
Percentile
99.4%
The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | awstats | < 6.5-2 | awstats_6.5-2_all.deb |
| Debian | 11 | all | awstats | < 6.5-2 | awstats_6.5-2_all.deb |
| Debian | 999 | all | awstats | < 6.5-2 | awstats_6.5-2_all.deb |
| Debian | 13 | all | awstats | < 6.5-2 | awstats_6.5-2_all.deb |
Related
saint
saint
AWStats migrate parameter command injection
2006-05-11 00:00:00
AWStats migrate parameter command injection
2006-05-11 00:00:00
AWStats migrate parameter command injection
2006-05-11 00:00:00
openvas
openvas
Debian Security Advisory DSA 1058-1 (awstats)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-1058-1)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200606-06 (awstats)
2008-09-24 00:00:00
debian
debian
[SECURITY] [DSA 1058-1] New awstats packages fix arbitrary command execution
2006-05-18 16:28:08
[SECURITY] [DSA 1058-1] New awstats packages fix arbitrary command execution
2006-05-18 16:28:08
nessus
nessus
Ubuntu 5.04 / 5.10 : awstats vulnerability (USN-285-1)
2006-05-23 00:00:00
AWStats migrate Parameter Arbitrary Command Execution
2006-05-08 00:00:00
Debian DSA-1058-1 : awstats - missing input sanitising
2006-10-14 00:00:00
ubuntu
ubuntu
awstats vulnerability
2006-05-23 00:00:00
nvd
nvd
CVE-2006-2237
2006-05-08 23:02:00
packetstorm
packetstorm
AWStats migrate Remote Command Execution
2009-10-30 00:00:00
exploitdb
exploitdb
AWStats 6.5 - 'migrate' Remote Shell Command Injection
2006-05-06 00:00:00
AWStats 6.4 < 6.5 - AllowToUpdateStatsFromBrowser Command Injection (Metasploit)
2006-05-04 00:00:00
AWStats 6.4 < 6.5 - migrate Remote Command Execution (Metasploit)
2010-07-03 00:00:00
prion
prion
Code injection
2006-05-08 23:02:00
metasploit
metasploit
AWStats migrate Remote Command Execution
2009-01-15 07:09:56
ubuntucve
ubuntucve
CVE-2006-2237
2006-05-08 00:00:00
cve
cve
CVE-2006-2237
2006-05-08 23:02:00
osv
osv
awstats - missing input sanitising
2006-05-18 00:00:00
cvelist
cvelist
CVE-2006-2237
2006-05-08 23:00:00
seebug
seebug
AWStats 6.4-6.5 AllowToUpdateStatsFromBrowser Command Injection
2006-05-04 00:00:00
gentoo
gentoo
AWStats: Remote execution of arbitrary code
2006-06-07 00:00:00
suse
suse
remote code execution in awstats
2006-06-20 09:02:21
CVSS2
5.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
EPSS
0.955
Percentile
99.4%
Related for DEBIANCVE:CVE-2006-2237