AWStats <= 7.8 File Read Vulnerability CVE-2020-35176

Severity

CVSSv3 Score: 5.3

Vulnerability description

AWStats is prone to a file read vulnerability.

Risk description

In AWStats 7.8 and earlier, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to read only a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.

Recommendation

An unreleased source code patch is available in the linked references.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Dec 12, 2020
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available