[3.4] awstats: Path traversal flaws (CVE-2017-1000501)
Two path traversal flaws in awstats 7.6 and earlier
that could be leveraged for unauthenticated remote code execution.
References:
http://openwall.com/lists/oss-security/2017/12/29/1
Patches:
Path traversal in the awstats.pl “config” parameter:
https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899
Path traversal in the awstats.pl “migrate” parameter:
https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651
(from redmine: issue id 8375, created on 2018-01-02, closed on 2018-01-12)
- Relations:
- parent #8370 (closed)
- Changesets:
- Revision 56ce34d2 on 2018-01-05T13:51:02Z:
main/awstats: security fix (CVE-2017-1000501)
Fixes #8375