AWStats Unspecified 'LoadPlugin' Directory Traversal Vulnerability Network Vulnerability

Summary

AWStats is prone to an unspecified directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. The impact of this issue is currently unknown. We will update this BID when more information emerges. Versions prior to AWStats 7.0 are vulnerable.

Solution

Updates are available. Please see the references for more information.

References

http://awstats.sourceforge.net/
http://awstats.sourceforge.net/docs/awstats_changelog.txt
http://sourceforge.net/tracker/?func=detail&aid=2537928&group_id=13764&atid=113764
https://www.securityfocus.com/bid/45210

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-4369
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N

Related Vulnerabilities

Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
Adobe ColdFusion Unspecified Information Disclosure Vulnerability
Apache Tomcat SecurityConstraints Security Bypass Vulnerability
Alt-N WebAdmin Remote Source Code Information Disclosure Vulnerability
Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability

Take action and discover your vulnerabilities