SB2020072755 - Gentoo update for AWStats
Published: July 27, 2020 Updated: July 27, 2020
Security Bulletin ID
SB2020072755
Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Path traversal (CVE-ID: CVE-2017-1000501)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution.
Remediation
Install update from vendor's website.