[3.7] awstats: Path traversal flaws (CVE-2017-1000501)
Two path traversal flaws in awstats in awstats 7.6 and earlier,
that could be leveraged for unauthenticated remote code execution.
References:
http://openwall.com/lists/oss-security/2017/12/29/1
Patches:
Path traversal in the awstats.pl “config” parameter:
https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899
Path traversal in the awstats.pl “migrate” parameter:
https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651
(from redmine: issue id 8372, created on 2018-01-02, closed on 2018-01-12)
- Relations:
- parent #8370 (closed)
- Changesets:
- Revision 1cef74ce on 2018-01-05T13:45:17Z:
main/awstats: security fix (CVE-2017-1000501)
Fixes #8372
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information