Summary
AWStats is prone to an unspecified directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.
The impact of this issue is currently unknown. We will update this BID when more information emerges.
Versions prior to AWStats 7.0 are vulnerable.
Solution
Updates are available. Please see the references for more information.
References
Severity
Classification
-
CVE CVE-2010-4369 -
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N
Related Vulnerabilities
- Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
- Adobe ColdFusion Unspecified Information Disclosure Vulnerability
- Apache Tomcat SecurityConstraints Security Bypass Vulnerability
- Alt-N WebAdmin Remote Source Code Information Disclosure Vulnerability
- Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability