CVE-2005-1527

Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call.
Configurations

Configuration 1 (hide)

cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*

History

14 Feb 2024, 16:58

Type Values Removed Values Added
First Time Debian
Debian debian Linux
Canonical ubuntu Linux
Canonical
CWE NVD-CWE-Other CWE-94
CPE cpe:2.3:a:awstats:awstats:5.2:*:*:*:*:*:*:*
cpe:2.3:a:awstats:awstats:5.4:*:*:*:*:*:*:*
cpe:2.3:a:awstats:awstats:5.6:*:*:*:*:*:*:*
cpe:2.3:a:awstats:awstats:6.0:*:*:*:*:*:*:*
cpe:2.3:a:awstats:awstats:6.2:*:*:*:*:*:*:*
cpe:2.3:a:awstats:awstats:5.0:*:*:*:*:*:*:*
cpe:2.3:a:awstats:awstats:5.8:*:*:*:*:*:*:*
cpe:2.3:a:awstats:awstats:6.1:*:*:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:i386:*:*:*:*:*
cpe:2.3:a:awstats:awstats:5.3:*:*:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:amd64:*:*:*:*:*
cpe:2.3:a:awstats:awstats:6.3:*:*:*:*:*:*:*
cpe:2.3:a:awstats:awstats:5.5:*:*:*:*:*:*:*
cpe:2.3:a:awstats:awstats:5.7:*:*:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:powerpc:*:*:*:*:*
cpe:2.3:a:awstats:awstats:5.1:*:*:*:*:*:*:*
cpe:2.3:a:awstats:awstats:5.9:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*
References () http://secunia.com/advisories/16412 - Patch, Vendor Advisory () http://secunia.com/advisories/16412 - Broken Link, Patch, Vendor Advisory
References () http://secunia.com/advisories/17463 - () http://secunia.com/advisories/17463 - Broken Link
References () http://securitytracker.com/id?1014636 - Patch () http://securitytracker.com/id?1014636 - Broken Link, Patch, Third Party Advisory, VDB Entry
References () http://www.debian.org/security/2005/dsa-892 - () http://www.debian.org/security/2005/dsa-892 - Mailing List, Third Party Advisory
References () http://www.idefense.com/application/poi/display?id=290&type=vulnerabilities&flashstatus=false - () http://www.idefense.com/application/poi/display?id=290&type=vulnerabilities&flashstatus=false - Broken Link
References () http://www.novell.com/linux/security/advisories/2005_19_sr.html - () http://www.novell.com/linux/security/advisories/2005_19_sr.html - Broken Link
References () http://www.osvdb.org/18696 - Patch () http://www.osvdb.org/18696 - Broken Link, Patch
References () http://www.securiteam.com/unixfocus/5DP0J00GKE.html - Vendor Advisory () http://www.securiteam.com/unixfocus/5DP0J00GKE.html - Broken Link, Vendor Advisory
References () http://www.securityfocus.com/bid/14525 - () http://www.securityfocus.com/bid/14525 - Broken Link, Third Party Advisory, VDB Entry
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/21769 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/21769 - Third Party Advisory, VDB Entry
References () https://usn.ubuntu.com/167-1/ - () https://usn.ubuntu.com/167-1/ - Broken Link

Information

Published : 2005-08-15 04:00

Updated : 2024-02-14 16:58


NVD link : CVE-2005-1527

Mitre link : CVE-2005-1527

CVE.ORG link : CVE-2005-1527


JSON object : View

Products Affected

awstats

  • awstats

debian

  • debian_linux

canonical

  • ubuntu_linux
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')