Launchpad CVE tracker

CVE 2005-0436

Direct code injection vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to execute portions of Perl code via the PluginMode parameter.

Related bugs and status

CVE-2005-0436 (Candidate) is related to these bugs:

Bug #12019: Arbitrary command execution

Summary				In	Importance	Status
	12019	Arbitrary command execution		awstats (Ubuntu)	High	Fix Released
	12019	Arbitrary command execution		awstats (Debian)	Unknown	Fix Released

Bug #12066: awstats: possible remote command execution vulnerability (iDEFENSE)

Summary				In	Importance	Status
	12066	awstats: possible remote command execution vulnerability (iDEFENSE)		awstats (Ubuntu)	High	Invalid
	12066	awstats: possible remote command execution vulnerability (iDEFENSE)		awstats (Debian)	Unknown	Fix Released

Bug #12726: awstats: Arbitrary command execution not completely fixed

Summary				In	Importance	Status
	12726	awstats: Arbitrary command execution not completely fixed		awstats (Ubuntu)	High	Fix Released
	12726	awstats: Arbitrary command execution not completely fixed		awstats (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2005-0436

References