Description
awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "pluginmode", (2) "loadplugin", or (3) "noloadplugin" parameters.
Product(s):
- AWStats 4.0
- AWStats 4.0 Beta
- AWStats 5.0
- AWStats 5.0 Beta
- AWStats 5.1
- AWStats 5.1 Beta
- AWStats 5.2
- AWStats 5.2 Beta
- AWStats 5.3
- AWStats 5.3 Beta
- AWStats 5.4
- AWStats 5.4 Beta
- AWStats 5.5
- AWStats 5.5 Beta
- AWStats 5.7
- AWStats 5.7 Beta
- AWStats 5.8
- AWStats 5.8 Beta
- AWStats 5.9
- AWStats 5.9 Beta
- AWStats 6.0
- AWStats 6.0 Beta
- AWStats 6.1
- AWStats 6.1 Beta
- AWStats 6.2
- AWStats 6.2 Beta
- AWStats 6.3
Questions to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2005-0362, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2005-0362 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.