CVE-2005-0437 - Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to in

CVE-2005-0437

Summary

Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via .. (dot dot) sequences in the loadplugin parameter.

References

http://secunia.com/advisories/14299
http://www.securityfocus.com/archive/1/390368

Vulnerable Configurations

cpe:2.3:a:awstats:awstats:6.3:*:*:*:*:*:*:*
cpe:2.3:a:awstats:awstats:6.3:*:*:*:*:*:*:*
cpe:2.3:a:awstats:awstats:6.4:*:*:*:*:*:*:*
cpe:2.3:a:awstats:awstats:6.4:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 05-09-2008 - 20:46)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bugtraq	20050214 AWStats <= 6.4 Multiple vulnerabilities
secunia	14299

Last major update

05-09-2008 - 20:46

Published

02-05-2005 - 04:00

Last modified

05-09-2008 - 20:46