oss-sec mailing list archives
Re: Path traversal flaws in awstats 7.6 and earlier.
From: Hanno Böck <hanno () hboeck de>
Date: Sat, 6 Jan 2018 10:33:33 +0100
Hi,

On Wed, 27 Dec 2017 09:21:41 -0600 John Lightsey <jd () cpanel net> wrote:
> The cPanel Security Team discovered two path traversal flaws in awstats
> that could be leveraged for unauthenticated remote code execution.

On https://awstats.sourceforge.io/#DOWNLOAD the latest version is still 7.6
On the github repo you linked the latest version is 7.5.

Are you in contact with the developers? It's not exactly ideal that
there's a publicly known remote code execution and there is no new
release containing the fix.

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
Current thread:
- Re: Path traversal flaws in awstats 7.6 and earlier. Hanno Böck (Jan 06)
- Re: Path traversal flaws in awstats 7.6 and earlier. John Lightsey (Jan 06)
- Re: Path traversal flaws in awstats 7.6 and earlier. Stefan Pietsch (Jan 07)