Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call.
References
Configurations
History
20 Nov 2024, 23:57
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/16412 - Broken Link, Patch, Vendor Advisory | |
References | () http://secunia.com/advisories/17463 - Broken Link | |
References | () http://securitytracker.com/id?1014636 - Broken Link, Patch, Third Party Advisory, VDB Entry | |
References | () http://www.debian.org/security/2005/dsa-892 - Mailing List, Third Party Advisory | |
References | () http://www.idefense.com/application/poi/display?id=290&type=vulnerabilities&flashstatus=false - Broken Link | |
References | () http://www.novell.com/linux/security/advisories/2005_19_sr.html - Broken Link | |
References | () http://www.osvdb.org/18696 - Broken Link, Patch | |
References | () http://www.securiteam.com/unixfocus/5DP0J00GKE.html - Broken Link, Vendor Advisory | |
References | () http://www.securityfocus.com/bid/14525 - Broken Link, Third Party Advisory, VDB Entry | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/21769 - Third Party Advisory, VDB Entry | |
References | () https://usn.ubuntu.com/167-1/ - Broken Link |
14 Feb 2024, 16:58
Type | Values Removed | Values Added |
---|---|---|
First Time |
Debian
Debian debian Linux Canonical ubuntu Linux Canonical |
|
CWE | CWE-94 | |
CPE | cpe:2.3:a:awstats:awstats:5.4:*:*:*:*:*:*:* cpe:2.3:a:awstats:awstats:5.6:*:*:*:*:*:*:* cpe:2.3:a:awstats:awstats:6.0:*:*:*:*:*:*:* cpe:2.3:a:awstats:awstats:6.2:*:*:*:*:*:*:* cpe:2.3:a:awstats:awstats:5.0:*:*:*:*:*:*:* cpe:2.3:a:awstats:awstats:5.8:*:*:*:*:*:*:* cpe:2.3:a:awstats:awstats:6.1:*:*:*:*:*:*:* cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:i386:*:*:*:*:* cpe:2.3:a:awstats:awstats:5.3:*:*:*:*:*:*:* cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:amd64:*:*:*:*:* cpe:2.3:a:awstats:awstats:6.3:*:*:*:*:*:*:* cpe:2.3:a:awstats:awstats:5.5:*:*:*:*:*:*:* cpe:2.3:a:awstats:awstats:5.7:*:*:*:*:*:*:* cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:powerpc:*:*:*:*:* cpe:2.3:a:awstats:awstats:5.1:*:*:*:*:*:*:* cpe:2.3:a:awstats:awstats:5.9:*:*:*:*:*:*:* |
cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:* cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:* |
References | () http://secunia.com/advisories/16412 - Broken Link, Patch, Vendor Advisory | |
References | () http://secunia.com/advisories/17463 - Broken Link | |
References | () http://securitytracker.com/id?1014636 - Broken Link, Patch, Third Party Advisory, VDB Entry | |
References | () http://www.debian.org/security/2005/dsa-892 - Mailing List, Third Party Advisory | |
References | () http://www.idefense.com/application/poi/display?id=290&type=vulnerabilities&flashstatus=false - Broken Link | |
References | () http://www.novell.com/linux/security/advisories/2005_19_sr.html - Broken Link | |
References | () http://www.osvdb.org/18696 - Broken Link, Patch | |
References | () http://www.securiteam.com/unixfocus/5DP0J00GKE.html - Broken Link, Vendor Advisory | |
References | () http://www.securityfocus.com/bid/14525 - Broken Link, Third Party Advisory, VDB Entry | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/21769 - Third Party Advisory, VDB Entry | |
References | () https://usn.ubuntu.com/167-1/ - Broken Link |
Information
Published : 2005-08-15 04:00
Updated : 2024-11-20 23:57
NVD link : CVE-2005-1527
Mitre link : CVE-2005-1527
CVE.ORG link : CVE-2005-1527
JSON object : View
Products Affected
debian
- debian_linux
canonical
- ubuntu_linux
awstats
- awstats
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')