Launchpad CVE tracker

CVE 2005-0116

AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl.

Related bugs and status

CVE-2005-0116 (Candidate) is related to these bugs:

Bug #12019: Arbitrary command execution

Summary				In	Importance	Status
	12019	Arbitrary command execution		awstats (Ubuntu)	High	Fix Released
	12019	Arbitrary command execution		awstats (Debian)	Unknown	Fix Released

Bug #12066: awstats: possible remote command execution vulnerability (iDEFENSE)

Summary				In	Importance	Status
	12066	awstats: possible remote command execution vulnerability (iDEFENSE)		awstats (Ubuntu)	High	Invalid
	12066	awstats: possible remote command execution vulnerability (iDEFENSE)		awstats (Debian)	Unknown	Fix Released

Bug #12726: awstats: Arbitrary command execution not completely fixed

Summary				In	Importance	Status
	12726	awstats: Arbitrary command execution not completely fixed		awstats (Ubuntu)	High	Fix Released
	12726	awstats: Arbitrary command execution not completely fixed		awstats (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2005-0116

References