Vulnerabilities

CVE-2020-29600

by Fred · 07/12/2020

In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501.

Date published : 2020-12-07

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/47QZWKSRZYZFESYTLSW7A6KVKOOPL7IV/

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891469

Similar

Tags: Cybersecurity Alert