CVE 2005-0435

awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to rawlog.

Related bugs and status

CVE-2005-0435 (Candidate) is related to these bugs:

Bug #12019: Arbitrary command execution

Summary				In	Importance	Status
	12019	Arbitrary command execution		awstats (Ubuntu)	High	Fix Released
	12019	Arbitrary command execution		awstats (Debian)	Unknown	Fix Released

Bug #12066: awstats: possible remote command execution vulnerability (iDEFENSE)

Summary				In	Importance	Status
	12066	awstats: possible remote command execution vulnerability (iDEFENSE)		awstats (Ubuntu)	High	Invalid
	12066	awstats: possible remote command execution vulnerability (iDEFENSE)		awstats (Debian)	Unknown	Fix Released

Bug #12726: awstats: Arbitrary command execution not completely fixed

Summary				In	Importance	Status
	12726	awstats: Arbitrary command execution not completely fixed		awstats (Ubuntu)	High	Fix Released
	12726	awstats: Arbitrary command execution not completely fixed		awstats (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.