CVE-2017-1000501

Published: 3 January 2018

Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution.

Priority

CVSS 3 base score: 9.8

Status

Package	Release	Status
awstats Launchpad, Ubuntu, Debian	artful	Released (7.6+dfsg-1ubuntu0.17.10.1)
	precise	Does not exist
	trusty	Does not exist (trusty was released [7.2+dfsg-1ubuntu0.1])
	upstream	Needs triage
	xenial	Released (7.4+dfsg-1ubuntu0.2)
	zesty	Released (7.6+dfsg-1ubuntu0.17.04.1)

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000501
https://ubuntu.com/security/notices/USN-3518-1
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885835

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›