Lucene search
Veracode Vulnerability DatabaseVERACODE:28808HistoryDec 23, 2020 - 9:54 p.m.
Arbitrary File Read
2020-12-2321:54:26
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
15
awstats
vulnerability
file read
cgi
incomplete fix
cve-2017-1000501
cve-2020-29600
EPSS
0.083
Percentile
94.5%
AWStats is vulnerable to arbitrary file read. cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.
References
github.com/eldy/awstats/issues/195
lists.debian.org/debian-lts-announce/2020/12/msg00035.html
lists.fedoraproject.org/archives/list/[email protected]/message/47QZWKSRZYZFESYTLSW7A6KVKOOPL7IV/
lists.fedoraproject.org/archives/list/[email protected]/message/BRHYCKLW5VPM6KP2WZW6DCCVHVBG7YCW/
security-tracker.debian.org/tracker/CVE-2020-35176
Related
ubuntu
ubuntu
AWStats vulnerabilities
2021-05-13 00:00:00
AWStats vulnerability
2018-01-08 00:00:00
openvas
openvas
AWStats <= 7.8 File Read Vulnerability
2020-12-18 00:00:00
Ubuntu: Security Advisory (USN-4953-1)
2021-05-14 00:00:00
Fedora: Security Advisory for awstats (FEDORA-2020-d1aa0e030c)
2021-01-11 00:00:00
nvd
nvd
CVE-2020-35176
2020-12-12 00:15:12
CVE-2020-29600
2020-12-07 20:15:12
CVE-2017-1000501
2018-01-03 15:29:00
cve
cve
CVE-2020-35176
2020-12-12 00:15:12
CVE-2020-29600
2020-12-07 20:15:12
CVE-2017-1000501
2018-01-03 15:29:00
nessus
nessus
FreeBSD : www/awstats -- Partial absolute pathname (bba3f684-9b1d-11ed-9a3f-b42e991fc52e)
2023-01-23 00:00:00
Fedora 32 : awstats (2020-d1aa0e030c)
2021-01-11 00:00:00
osv
osv
CVE-2020-35176
2020-12-12 00:15:12
awstats vulnerabilities
2021-05-13 17:12:49
CVE-2020-29600
2020-12-07 20:15:12
redhatcve
redhatcve
CVE-2020-35176
2022-05-20 23:27:46
CVE-2020-29600
2022-05-20 23:23:57
alpinelinux
alpinelinux
CVE-2020-35176
2020-12-12 00:15:12
CVE-2020-29600
2020-12-07 20:15:12
CVE-2017-1000501
2018-01-03 15:29:00
archlinux
archlinux
[ASA-202103-15] awstats: directory traversal
2021-03-25 00:00:00
debiancve
debiancve
CVE-2020-35176
2020-12-12 00:15:12
CVE-2020-29600
2020-12-07 20:15:12
CVE-2017-1000501
2018-01-03 15:29:00
freebsd
freebsd
www/awstats -- Partial absolute pathname
2022-12-11 00:00:00
awstats -- remote code execution
2018-01-03 00:00:00
prion
prion
ubuntucve
ubuntucve
CVE-2020-35176
2020-12-12 00:00:00
CVE-2020-29600
2020-12-07 00:00:00
CVE-2017-1000501
2018-01-03 00:00:00
cvelist
cvelist
CVE-2020-35176
2020-12-11 23:16:22
CVE-2020-29600
2020-12-07 19:52:14
CVE-2017-1000501
2018-01-03 15:00:00
debian
debian
[SECURITY] [DLA 2506-1] awstats security update
2020-12-23 15:18:26
[SECURITY] [DSA 4092-1] awstats security update
2018-01-19 09:13:06
[SECURITY] [DSA 4092-1] awstats security update
2018-01-19 09:13:06
fedora
fedora
[SECURITY] Fedora 32 Update: awstats-7.8-2.fc32
2021-01-08 02:52:03
[SECURITY] Fedora 27 Update: awstats-7.6-8.fc27
2018-01-12 01:53:19
[SECURITY] Fedora 26 Update: awstats-7.6-4.fc26
2018-01-16 16:57:11
mageia
mageia
Updated awstats packages fix security vulnerability
2018-01-03 17:22:14
Updated awstats package fixes a security vulnerability
2021-01-14 18:13:25
veracode
veracode
Remote Code Execution
2020-05-10 23:23:54
Remote Code Execution
2020-12-13 04:24:57
gentoo
gentoo
AWStats: Multiple vulnerabilities
2020-07-27 00:00:00