cvelistv5 - CVE-2006-2237

CVE-2006-2237 (GCVE-0-2006-2237)

Vulnerability from cvelistv5 – Published: 2006-05-08 23:00 – Updated: 2024-08-07 17:43

Summary

The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://secunia.com/advisories/20710	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/20186	third-party-advisoryx_refsource_SECUNIA
	http://awstats.sourceforge.net/awstats_security_n…	x_refsource_CONFIRM
	http://www.debian.org/security/2006/dsa-1058	vendor-advisoryx_refsource_DEBIAN
	http://secunia.com/advisories/20496	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.vupen.com/english/advisories/2006/1678	vdb-entryx_refsource_VUPEN
	http://www.osreviews.net/reviews/comm/awstats	x_refsource_MISC
	http://secunia.com/advisories/20170	third-party-advisoryx_refsource_SECUNIA
	http://www.osvdb.org/25284	vdb-entryx_refsource_OSVDB
	https://usn.ubuntu.com/285-1/	vendor-advisoryx_refsource_UBUNTU
	http://www.vuxml.org/freebsd/2df297a2-dc74-11da-a…	x_refsource_MISC
	http://secunia.com/advisories/19969	third-party-advisoryx_refsource_SECUNIA
	http://security.gentoo.org/glsa/glsa-200606-06.xml	vendor-advisoryx_refsource_GENTOO
	http://www.novell.com/linux/security/advisories/2…	vendor-advisoryx_refsource_SUSE
	http://www.securityfocus.com/bid/17844	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:43:28.626Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20710",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20710"
          },
          {
            "name": "20186",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20186"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://awstats.sourceforge.net/awstats_security_news.php"
          },
          {
            "name": "DSA-1058",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1058"
          },
          {
            "name": "20496",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20496"
          },
          {
            "name": "awstats-migrate-command-execution(26287)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26287"
          },
          {
            "name": "ADV-2006-1678",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1678"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.osreviews.net/reviews/comm/awstats"
          },
          {
            "name": "20170",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20170"
          },
          {
            "name": "25284",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/25284"
          },
          {
            "name": "USN-285-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/285-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.vuxml.org/freebsd/2df297a2-dc74-11da-a22b-000c6ec775d9.html"
          },
          {
            "name": "19969",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19969"
          },
          {
            "name": "GLSA-200606-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200606-06.xml"
          },
          {
            "name": "SUSE-SA:2006:033",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_33_awstats.html"
          },
          {
            "name": "17844",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17844"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-05-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-03T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20710",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20710"
        },
        {
          "name": "20186",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20186"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://awstats.sourceforge.net/awstats_security_news.php"
        },
        {
          "name": "DSA-1058",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1058"
        },
        {
          "name": "20496",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20496"
        },
        {
          "name": "awstats-migrate-command-execution(26287)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26287"
        },
        {
          "name": "ADV-2006-1678",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1678"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.osreviews.net/reviews/comm/awstats"
        },
        {
          "name": "20170",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20170"
        },
        {
          "name": "25284",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/25284"
        },
        {
          "name": "USN-285-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/285-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.vuxml.org/freebsd/2df297a2-dc74-11da-a22b-000c6ec775d9.html"
        },
        {
          "name": "19969",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19969"
        },
        {
          "name": "GLSA-200606-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200606-06.xml"
        },
        {
          "name": "SUSE-SA:2006:033",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_33_awstats.html"
        },
        {
          "name": "17844",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17844"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2237",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20710",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20710"
            },
            {
              "name": "20186",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20186"
            },
            {
              "name": "http://awstats.sourceforge.net/awstats_security_news.php",
              "refsource": "CONFIRM",
              "url": "http://awstats.sourceforge.net/awstats_security_news.php"
            },
            {
              "name": "DSA-1058",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1058"
            },
            {
              "name": "20496",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20496"
            },
            {
              "name": "awstats-migrate-command-execution(26287)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26287"
            },
            {
              "name": "ADV-2006-1678",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1678"
            },
            {
              "name": "http://www.osreviews.net/reviews/comm/awstats",
              "refsource": "MISC",
              "url": "http://www.osreviews.net/reviews/comm/awstats"
            },
            {
              "name": "20170",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20170"
            },
            {
              "name": "25284",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/25284"
            },
            {
              "name": "USN-285-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/285-1/"
            },
            {
              "name": "http://www.vuxml.org/freebsd/2df297a2-dc74-11da-a22b-000c6ec775d9.html",
              "refsource": "MISC",
              "url": "http://www.vuxml.org/freebsd/2df297a2-dc74-11da-a22b-000c6ec775d9.html"
            },
            {
              "name": "19969",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19969"
            },
            {
              "name": "GLSA-200606-06",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200606-06.xml"
            },
            {
              "name": "SUSE-SA:2006:033",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2006_33_awstats.html"
            },
            {
              "name": "17844",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/17844"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-2237",
    "datePublished": "2006-05-08T23:00:00",
    "dateReserved": "2006-05-08T00:00:00",
    "dateUpdated": "2024-08-07T17:43:28.626Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:awstats:awstats:6.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"25550AA8-8C79-48EA-A904-896B5B00077B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:awstats:awstats:6.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E37231F4-DEC9-46A7-8686-9B3C710CA396\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.\"}]",
      "id": "CVE-2006-2237",
      "lastModified": "2024-11-21T00:10:51.560",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:P/I:P/A:P\", \"baseScore\": 5.1, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 4.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": true, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2006-05-08T23:02:00.000",
      "references": "[{\"url\": \"http://awstats.sourceforge.net/awstats_security_news.php\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/19969\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/20170\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/20186\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/20496\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/20710\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200606-06.xml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.debian.org/security/2006/dsa-1058\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.novell.com/linux/security/advisories/2006_33_awstats.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.osreviews.net/reviews/comm/awstats\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.osvdb.org/25284\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securityfocus.com/bid/17844\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/1678\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vuxml.org/freebsd/2df297a2-dc74-11da-a22b-000c6ec775d9.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/26287\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://usn.ubuntu.com/285-1/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://awstats.sourceforge.net/awstats_security_news.php\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/19969\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/20170\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/20186\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/20496\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/20710\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200606-06.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2006/dsa-1058\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.novell.com/linux/security/advisories/2006_33_awstats.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osreviews.net/reviews/comm/awstats\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/25284\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securityfocus.com/bid/17844\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/1678\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vuxml.org/freebsd/2df297a2-dc74-11da-a22b-000c6ec775d9.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/26287\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://usn.ubuntu.com/285-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-2237\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-05-08T23:02:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:P/A:P\",\"baseScore\":5.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":4.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":true,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:awstats:awstats:6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25550AA8-8C79-48EA-A904-896B5B00077B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:awstats:awstats:6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E37231F4-DEC9-46A7-8686-9B3C710CA396\"}]}]}],\"references\":[{\"url\":\"http://awstats.sourceforge.net/awstats_security_news.php\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/19969\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/20170\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/20186\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/20496\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/20710\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200606-06.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2006/dsa-1058\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2006_33_awstats.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osreviews.net/reviews/comm/awstats\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/25284\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/17844\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/1678\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vuxml.org/freebsd/2df297a2-dc74-11da-a22b-000c6ec775d9.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/26287\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/285-1/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://awstats.sourceforge.net/awstats_security_news.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/19969\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/20170\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/20186\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/20496\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/20710\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200606-06.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2006/dsa-1058\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2006_33_awstats.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osreviews.net/reviews/comm/awstats\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/25284\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/17844\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/1678\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vuxml.org/freebsd/2df297a2-dc74-11da-a22b-000c6ec775d9.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/26287\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/285-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2006-AVI-184

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité existe dans les versions 6.4 et 6.5 d'AWStats. Elle permet à une personne malveillante d'envoyer une requête particulière conduisant à l'exécution de code arbitraire à distance.

Description

AWStats est un outil d'analyse statistique pour site web. Les versions 6.4 et 6.5 présentent une vulnérabilité de la mise à jour des valeurs statistiques lançée à partir de la page web. La valeur d'entrée du paramètre migrate n'est pas suffisamment contrôlée. Un utilisateur peut alors envoyer une requête particulière qui ne sera pas correctement interprétée par la fonction Perl open(), afin d'injecter et d'exécuter des commandes à distance. Celles-ci seront lancées avec les mêmes privilèges que le processus associé à l'interface CGI d'AWStats. Il faut noter que cette méthode est possible si l'option AllowToUpdateStatsFromBrowser est activée dans le fichier de configuration d'AWStats. Ce n'est pas le cas par défaut.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Les versions 6.4 et 6.5 d'AWStats.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de mise à jour de AWStats	None	vendor-advisory
Mise à jour de l'outil AWStats :	-	other
Bulletin de sécurité Debian DSA-1058 du 18 mai 2006 :	-	other
Bulletin de sécurité FreeBSD du 05 mai 2006 :	-	other
Bulletin de sécurité Gentoo GLSA 200606-06 du 07 juin 2006 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eLes versions 6.4 et 6.5 d\u0027AWStats.\u003c/P\u003e",
  "content": "## Description\n\nAWStats est un outil d\u0027analyse statistique pour site web. Les versions\n6.4 et 6.5 pr\u00e9sentent une vuln\u00e9rabilit\u00e9 de la mise \u00e0 jour des valeurs\nstatistiques lan\u00e7\u00e9e \u00e0 partir de la page web. La valeur d\u0027entr\u00e9e du\nparam\u00e8tre migrate n\u0027est pas suffisamment contr\u00f4l\u00e9e. Un utilisateur peut\nalors envoyer une requ\u00eate particuli\u00e8re qui ne sera pas correctement\ninterpr\u00e9t\u00e9e par la fonction Perl open(), afin d\u0027injecter et d\u0027ex\u00e9cuter\ndes commandes \u00e0 distance. Celles-ci seront lanc\u00e9es avec les m\u00eames\nprivil\u00e8ges que le processus associ\u00e9 \u00e0 l\u0027interface CGI d\u0027AWStats. Il faut\nnoter que cette m\u00e9thode est possible si l\u0027option\nAllowToUpdateStatsFromBrowser est activ\u00e9e dans le fichier de\nconfiguration d\u0027AWStats. Ce n\u0027est pas le cas par d\u00e9faut.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-2237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2237"
    }
  ],
  "links": [
    {
      "title": "Mise \u00e0 jour de l\u0027outil AWStats :",
      "url": "http://awstats.sourceforge.net"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-1058 du 18 mai 2006 :",
      "url": "http://www.debian.org/security/2006/dsa-1058"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 FreeBSD du 05 mai 2006 :",
      "url": "http://www.vuxml.org/freebsd/pkg-awstats.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA 200606-06 du 07 juin 2006    :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-06.xml"
    }
  ],
  "reference": "CERTA-2006-AVI-184",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-05-05T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 FreeBSD, Debian et de la r\u00e9f\u00e9rence CVE.",
      "revision_date": "2006-05-19T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Gentoo.",
      "revision_date": "2006-06-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 existe dans les versions 6.4 et 6.5 d\u0027AWStats. Elle\npermet \u00e0 une personne malveillante d\u0027envoyer une requ\u00eate particuli\u00e8re\nconduisant \u00e0 l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de AWStats",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de mise \u00e0 jour de AWStats",
      "url": null
    }
  ]
}

CERTA-2006-AVI-184

Vulnerability from certfr_avis - Published: - Updated:

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Les versions 6.4 et 6.5 d'AWStats.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de mise à jour de AWStats	None	vendor-advisory
Mise à jour de l'outil AWStats :	-	other
Bulletin de sécurité Debian DSA-1058 du 18 mai 2006 :	-	other
Bulletin de sécurité FreeBSD du 05 mai 2006 :	-	other
Bulletin de sécurité Gentoo GLSA 200606-06 du 07 juin 2006 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eLes versions 6.4 et 6.5 d\u0027AWStats.\u003c/P\u003e",
  "content": "## Description\n\nAWStats est un outil d\u0027analyse statistique pour site web. Les versions\n6.4 et 6.5 pr\u00e9sentent une vuln\u00e9rabilit\u00e9 de la mise \u00e0 jour des valeurs\nstatistiques lan\u00e7\u00e9e \u00e0 partir de la page web. La valeur d\u0027entr\u00e9e du\nparam\u00e8tre migrate n\u0027est pas suffisamment contr\u00f4l\u00e9e. Un utilisateur peut\nalors envoyer une requ\u00eate particuli\u00e8re qui ne sera pas correctement\ninterpr\u00e9t\u00e9e par la fonction Perl open(), afin d\u0027injecter et d\u0027ex\u00e9cuter\ndes commandes \u00e0 distance. Celles-ci seront lanc\u00e9es avec les m\u00eames\nprivil\u00e8ges que le processus associ\u00e9 \u00e0 l\u0027interface CGI d\u0027AWStats. Il faut\nnoter que cette m\u00e9thode est possible si l\u0027option\nAllowToUpdateStatsFromBrowser est activ\u00e9e dans le fichier de\nconfiguration d\u0027AWStats. Ce n\u0027est pas le cas par d\u00e9faut.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-2237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2237"
    }
  ],
  "links": [
    {
      "title": "Mise \u00e0 jour de l\u0027outil AWStats :",
      "url": "http://awstats.sourceforge.net"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-1058 du 18 mai 2006 :",
      "url": "http://www.debian.org/security/2006/dsa-1058"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 FreeBSD du 05 mai 2006 :",
      "url": "http://www.vuxml.org/freebsd/pkg-awstats.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA 200606-06 du 07 juin 2006    :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-06.xml"
    }
  ],
  "reference": "CERTA-2006-AVI-184",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-05-05T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 FreeBSD, Debian et de la r\u00e9f\u00e9rence CVE.",
      "revision_date": "2006-05-19T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Gentoo.",
      "revision_date": "2006-06-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 existe dans les versions 6.4 et 6.5 d\u0027AWStats. Elle\npermet \u00e0 une personne malveillante d\u0027envoyer une requ\u00eate particuli\u00e8re\nconduisant \u00e0 l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de AWStats",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de mise \u00e0 jour de AWStats",
      "url": null
    }
  ]
}

GHSA-X4MQ-2MHG-3C5X

Vulnerability from github – Published: 2022-05-01 06:57 – Updated: 2025-04-03 04:31

Details

The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-2237"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-05-08T23:02:00Z",
    "severity": "MODERATE"
  },
  "details": "The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.",
  "id": "GHSA-x4mq-2mhg-3c5x",
  "modified": "2025-04-03T04:31:54Z",
  "published": "2022-05-01T06:57:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-2237"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26287"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/285-1"
    },
    {
      "type": "WEB",
      "url": "http://awstats.sourceforge.net/awstats_security_news.php"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/19969"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/20170"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/20186"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/20496"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/20710"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200606-06.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2006/dsa-1058"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/linux/security/advisories/2006_33_awstats.html"
    },
    {
      "type": "WEB",
      "url": "http://www.osreviews.net/reviews/comm/awstats"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/25284"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/17844"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/1678"
    },
    {
      "type": "WEB",
      "url": "http://www.vuxml.org/freebsd/2df297a2-dc74-11da-a22b-000c6ec775d9.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2006-2237

Vulnerability from fkie_nvd - Published: 2006-05-08 23:02 - Updated: 2025-04-03 01:03

Severity ?

Summary

The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.

References

URL	Tags
cve@mitre.org	http://awstats.sourceforge.net/awstats_security_news.php
cve@mitre.org	http://secunia.com/advisories/19969	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/20170
cve@mitre.org	http://secunia.com/advisories/20186
cve@mitre.org	http://secunia.com/advisories/20496
cve@mitre.org	http://secunia.com/advisories/20710
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200606-06.xml
cve@mitre.org	http://www.debian.org/security/2006/dsa-1058
cve@mitre.org	http://www.novell.com/linux/security/advisories/2006_33_awstats.html
cve@mitre.org	http://www.osreviews.net/reviews/comm/awstats
cve@mitre.org	http://www.osvdb.org/25284	Patch
cve@mitre.org	http://www.securityfocus.com/bid/17844
cve@mitre.org	http://www.vupen.com/english/advisories/2006/1678
cve@mitre.org	http://www.vuxml.org/freebsd/2df297a2-dc74-11da-a22b-000c6ec775d9.html
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/26287
cve@mitre.org	https://usn.ubuntu.com/285-1/
af854a3a-2127-422b-91ae-364da2661108	http://awstats.sourceforge.net/awstats_security_news.php
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19969	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20170
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20186
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20496
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20710
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200606-06.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2006/dsa-1058
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2006_33_awstats.html
af854a3a-2127-422b-91ae-364da2661108	http://www.osreviews.net/reviews/comm/awstats
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/25284	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/17844
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/1678
af854a3a-2127-422b-91ae-364da2661108	http://www.vuxml.org/freebsd/2df297a2-dc74-11da-a22b-000c6ec775d9.html
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/26287
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/285-1/

Impacted products

	Vendor	Product	Version
	awstats	awstats	6.4
	awstats	awstats	6.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:awstats:awstats:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "25550AA8-8C79-48EA-A904-896B5B00077B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:awstats:awstats:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E37231F4-DEC9-46A7-8686-9B3C710CA396",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter."
    }
  ],
  "id": "CVE-2006-2237",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-05-08T23:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://awstats.sourceforge.net/awstats_security_news.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19969"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/20170"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/20186"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/20496"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/20710"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200606-06.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2006/dsa-1058"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2006_33_awstats.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osreviews.net/reviews/comm/awstats"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.osvdb.org/25284"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/17844"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/1678"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vuxml.org/freebsd/2df297a2-dc74-11da-a22b-000c6ec775d9.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26287"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/285-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://awstats.sourceforge.net/awstats_security_news.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19969"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/20170"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/20186"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/20496"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/20710"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200606-06.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2006_33_awstats.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osreviews.net/reviews/comm/awstats"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.osvdb.org/25284"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/17844"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/1678"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vuxml.org/freebsd/2df297a2-dc74-11da-a22b-000c6ec775d9.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26287"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/285-1/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2006-2237

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.

Aliases

CVE-2006-2237

Aliases

CVE-2006-2237

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-2237",
    "description": "The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.",
    "id": "GSD-2006-2237",
    "references": [
      "https://www.suse.com/security/cve/CVE-2006-2237.html",
      "https://www.debian.org/security/2006/dsa-1058",
      "https://packetstormsecurity.com/files/cve/CVE-2006-2237"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-2237"
      ],
      "details": "The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.",
      "id": "GSD-2006-2237",
      "modified": "2023-12-13T01:19:53.199193Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-2237",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20710",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/20710"
          },
          {
            "name": "20186",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/20186"
          },
          {
            "name": "http://awstats.sourceforge.net/awstats_security_news.php",
            "refsource": "CONFIRM",
            "url": "http://awstats.sourceforge.net/awstats_security_news.php"
          },
          {
            "name": "DSA-1058",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2006/dsa-1058"
          },
          {
            "name": "20496",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/20496"
          },
          {
            "name": "awstats-migrate-command-execution(26287)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26287"
          },
          {
            "name": "ADV-2006-1678",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/1678"
          },
          {
            "name": "http://www.osreviews.net/reviews/comm/awstats",
            "refsource": "MISC",
            "url": "http://www.osreviews.net/reviews/comm/awstats"
          },
          {
            "name": "20170",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/20170"
          },
          {
            "name": "25284",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/25284"
          },
          {
            "name": "USN-285-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/285-1/"
          },
          {
            "name": "http://www.vuxml.org/freebsd/2df297a2-dc74-11da-a22b-000c6ec775d9.html",
            "refsource": "MISC",
            "url": "http://www.vuxml.org/freebsd/2df297a2-dc74-11da-a22b-000c6ec775d9.html"
          },
          {
            "name": "19969",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/19969"
          },
          {
            "name": "GLSA-200606-06",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-200606-06.xml"
          },
          {
            "name": "SUSE-SA:2006:033",
            "refsource": "SUSE",
            "url": "http://www.novell.com/linux/security/advisories/2006_33_awstats.html"
          },
          {
            "name": "17844",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/17844"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:awstats:awstats:6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:awstats:awstats:6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2237"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.osreviews.net/reviews/comm/awstats",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.osreviews.net/reviews/comm/awstats"
            },
            {
              "name": "http://awstats.sourceforge.net/awstats_security_news.php",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://awstats.sourceforge.net/awstats_security_news.php"
            },
            {
              "name": "http://www.vuxml.org/freebsd/2df297a2-dc74-11da-a22b-000c6ec775d9.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.vuxml.org/freebsd/2df297a2-dc74-11da-a22b-000c6ec775d9.html"
            },
            {
              "name": "17844",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/17844"
            },
            {
              "name": "25284",
              "refsource": "OSVDB",
              "tags": [
                "Patch"
              ],
              "url": "http://www.osvdb.org/25284"
            },
            {
              "name": "19969",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/19969"
            },
            {
              "name": "DSA-1058",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2006/dsa-1058"
            },
            {
              "name": "20170",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/20170"
            },
            {
              "name": "20186",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/20186"
            },
            {
              "name": "SUSE-SA:2006:033",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://www.novell.com/linux/security/advisories/2006_33_awstats.html"
            },
            {
              "name": "20710",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/20710"
            },
            {
              "name": "GLSA-200606-06",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-200606-06.xml"
            },
            {
              "name": "20496",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/20496"
            },
            {
              "name": "ADV-2006-1678",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/1678"
            },
            {
              "name": "awstats-migrate-command-execution(26287)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26287"
            },
            {
              "name": "USN-285-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "https://usn.ubuntu.com/285-1/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": true,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-03T21:40Z",
      "publishedDate": "2006-05-08T23:02Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-2237 (GCVE-0-2006-2237)

CERTA-2006-AVI-184

Description

Solution

CERTA-2006-AVI-184

Description

Solution

GHSA-X4MQ-2MHG-3C5X

FKIE_CVE-2006-2237

GSD-2006-2237

Tags

Sightings

Nomenclature