CVE-2006-2644

NONE EPSS 84.2%
Published May 30, 200620y ago · Modified Jun 16, 20262w ago
Find Similar
Published May 30, 2006 20y ago
Last Modified Jun 16, 2026 2w ago

Description

AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive.

Threat Intelligence

EPSS Exploit Probability
84.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 3

VendorProductVersionRange
awstatsawstats6.4_1any
awstatsawstats6.5any
awstatsawstats6.5_1any

References 11

  • bugs.debian.org http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365910
  • secunia.com http://secunia.com/advisories/20164
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/20283
    PatchVendor Advisory
  • secunia.com http://secunia.com/advisories/20502
  • secunia.com http://secunia.com/advisories/20710
  • debian.org http://www.debian.org/security/2006/dsa-1075
    Patch
  • novell.com http://www.novell.com/linux/security/advisories/2006_33_awstats.html
  • osreviews.net http://www.osreviews.net/reviews/comm/awstats
    Patch
  • securityfocus.com http://www.securityfocus.com/bid/18327
  • vupen.com http://www.vupen.com/english/advisories/2006/1998
  • usn.ubuntu.com https://usn.ubuntu.com/290-1/

Remediation

  • secunia.com http://secunia.com/advisories/20283
    PatchVendor Advisory
  • debian.org http://www.debian.org/security/2006/dsa-1075
    Patch
  • osreviews.net http://www.osreviews.net/reviews/comm/awstats
    Patch