Launchpad CVE tracker

CVE 2005-0437

Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via .. (dot dot) sequences in the loadplugin parameter.

Related bugs and status

CVE-2005-0437 (Candidate) is related to these bugs:

Bug #12019: Arbitrary command execution

Summary				In	Importance	Status
	12019	Arbitrary command execution		awstats (Ubuntu)	High	Fix Released
	12019	Arbitrary command execution		awstats (Debian)	Unknown	Fix Released

Bug #12066: awstats: possible remote command execution vulnerability (iDEFENSE)

Summary				In	Importance	Status
	12066	awstats: possible remote command execution vulnerability (iDEFENSE)		awstats (Ubuntu)	High	Invalid
	12066	awstats: possible remote command execution vulnerability (iDEFENSE)		awstats (Debian)	Unknown	Fix Released

Bug #12726: awstats: Arbitrary command execution not completely fixed

Summary				In	Importance	Status
	12726	awstats: Arbitrary command execution not completely fixed		awstats (Ubuntu)	High	Fix Released
	12726	awstats: Arbitrary command execution not completely fixed		awstats (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2005-0437

References