Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <f17ddf39-6ace-8086-de6d-eef34945cf9f@cpanel.net>
Date: Wed, 27 Dec 2017 09:21:41 -0600
From: John Lightsey <jd@...nel.net>
To: oss-security@...ts.openwall.com
Subject: Path traversal flaws in awstats 7.6 and earlier.

Hi there,

The cPanel Security Team discovered two path traversal flaws in awstats
that could be leveraged for unauthenticated remote code execution. Both
issues have been submitted to the DWF CVE request page at
https://iwantacve.org/.


Path traversal in the awstats.pl "config" parameter:

https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899


Path traversal in the awstats.pl "migrate" parameter:

https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651


Download attachment "smime.p7s" of type "application/pkcs7-signature" (3982 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.