oss-sec mailing list archives
Re: CVE request: awstats before 7.1 awredir.pl vulnerability
From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 25 Oct 2012 23:45:13 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/25/2012 03:07 AM, Hanno Böck wrote:
http://awstats.sourceforge.net/docs/awstats_changelog.txt - Security fix into awredir.pl I didn't find any more info, but please assign a CVE. (and i found there were awredir issues before that got CVE-2009-5020, but I think this is a different issue, at least if their changelogs are correct)
Please use CVE-2012-4547 for this issue. One question, in CVE-2009-5020 (the last Awstats open redirect): Steve: CONFIRM:http://awstats.sourceforge.net/docs/awstats_changelog.txt Is it possible to include more information in the references like a line of text or the data it was pulled or something? I'm noticing this more and more as I try to verify stuff, could we consider adding a notes field or something? - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJQiiNoAAoJEBYNRVNeJnmTSbcQAJvzJKn/SF6GewIgStgOsRcM dsWhlG/3ELZ4kS6ikUrHEOd8LbjBCQ2dK3JK9kTNxp3cY2xuFtBbnTFy3of3YSjZ 1rjsK9xvWbm5+2DHJDbtH2cFuh6jF/Bpx33agf1gYiF0hXcTRfc6zCPerI7Zjtbt NRcY3yN7yNyZd9C0mY2iT9RWZyqM5tIDRRCkQfVklbltEZOrvgBmXfYSXjTVpzUR 5q4KGcHVYNvr4gVItyg7z3uaADqIhtCw0QZFgQ/YXSDigxWf8qFNvypHm790RY9Q ilQI6B0E9se+x7ypZda/T7eqxAyzaVUFahIOzg6fstrUCp2FrAbnB5m065JCYzuQ Q3/Sqy81y12r5p6bbppulzlBgI0zQxT0n+Ayvylea/rp6hcpe82OocnxDVqaw6/z ovAjZkgDjWogV8TrdgQbW25iKl1A4ib2IEOu5FQbVbM9cT33QhD4GNMx1jSEU/TM x0SN5j4L7PVP2V+zzACAn4qxK8LTUUFy8pRPYckU9DbGICWBHP2CCTsAUWWCTPc5 2K6+RBPQW0LnSTC60Q//3vQDhpbb+myzwpO3GqHQNpIZzvwQWx94jfXNKN2pZusJ 3bYaoDTtBr7GGUfkp/j/8D8ID3fOvKwZ7TN+aZaehbmFGzpumFidHtsu+cf/+umr TVsWRQOzhHntznXjVWEr =e9t/ -----END PGP SIGNATURE-----
Current thread:
- CVE request: awstats before 7.1 awredir.pl vulnerability Hanno Böck (Oct 25)
- Re: CVE request: awstats before 7.1 awredir.pl vulnerability Kurt Seifried (Oct 25)
- Re: CVE request: awstats before 7.1 awredir.pl vulnerability Vincent Danen (Oct 29)
- Re: CVE request: awstats before 7.1 awredir.pl vulnerability Kurt Seifried (Oct 25)