- Home
- CVEs with nessus.description==Hendrik Weimer discovered that awstats can execute arbitrary commands under the user id the web-server runs when users are allowed to supply arbitrary configuration files. Even though, this bug was referenced in DSA 1058 accidentally, it was not fixed yet.
The new default behaviour is not to accept arbitrary configuration directories from the user. This can be overwritten by the AWSTATS_ENABLE_CONFIG_DIR environment variable when users are to be trusted.
The old stable distribution (woody) does not seem to be affected by this problem.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top