CVE-2009-5020
Published: 2 December 2010
Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Notes
| Author | Note |
|---|---|
| mdeslaur | added "security key" changes behaviour and will break existing setups. wait a sec...we don't even package awredir.pl -> not-affected |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
awstats Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
|
| hardy |
Not vulnerable
|
|
| karmic |
Not vulnerable
|
|
| lucid |
Not vulnerable
|
|
| maverick |
Not vulnerable
(6.9.5~dfsg-3)
|
|
| upstream |
Released
(6.95)
|
|
|
Patches: upstream: http://awstats.cvs.sourceforge.net/viewvc/awstats/awstats/wwwroot/cgi-bin/awredir.pl?r1=1.6&r2=1.12 |
||