Executive Summary
| Summary | |
|---|---|
| Title | awstats vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | USN-360-1 | First vendor Publication | 2006-10-10 |
| Vendor | Ubuntu | Last vendor Modification | 2006-10-10 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.04: Ubuntu 5.10: Ubuntu 6.06 LTS: In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: awstats did not fully sanitize input, which was passed directly to the user's browser, allowing for an XSS attack. If a user was tricked into following a specially crafted awstats URL, the user's authentication information could be exposed for the domain where awstats was hosted. (CVE-2006-3681) awstats could display its installation path under certain conditions. However, this might only become a concern if awstats is installed into an user's home directory. (CVE-2006-3682) |
Original Source
| Url : http://www.ubuntu.com/usn/USN-360-1 |
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-03-22 | Name : AWStats 'awstats.pl' Multiple Path Disclosure Vulnerability File : nvt/AWStats_cve_2006_3682.nasl |
| 2009-01-07 | Name : FreeBSD Ports: awstats File : nvt/freebsd_awstats3.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 29604 | AWStats awstats.pl Multiple Parameter XSS |
| 25205 | AWStats awstats.pl Multiple Variable Path Disclosure |
| 24745 | AWStats awstats.pl Multiple Parameter XSS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2007-11-10 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-360-1.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 12:03:50 |
|
