Family: Ubuntu Local Security Checks --> Category: infos
USN285-1 : awstats vulnerability Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
The remote package "awstats" is missing a security patch.
AWStats did not properly sanitize the 'migrate' CGI parameter. If the
update of the stats via web front-end is allowed, a remote attacker
could execute arbitrary commands on the server with the rights of
the AWStats server.
This does not affect AWStats installations which only build static
Upgrade to :
- awstats-6.4-1ubuntu1.1 (Ubuntu 5.10)
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.