cvelistv5 - CVE-2010-4369

CVE-2010-4369 (GCVE-0-2010-4369)

Vulnerability from cvelistv5 – Published: 2010-12-02 16:00 – Updated: 2024-08-07 03:43

Summary

Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.vupen.com/english/advisories/2011/0202	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/bid/45210	vdb-entryx_refsource_BID
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.ubuntu.com/usn/USN-1047-1	vendor-advisoryx_refsource_UBUNTU
	http://secunia.com/advisories/43004	third-party-advisoryx_refsource_SECUNIA
	http://awstats.sourceforge.net/docs/awstats_chang…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:43:14.651Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2011-0202",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0202"
          },
          {
            "name": "45210",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/45210"
          },
          {
            "name": "MDVSA-2011:033",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:033"
          },
          {
            "name": "USN-1047-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1047-1"
          },
          {
            "name": "43004",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43004"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://awstats.sourceforge.net/docs/awstats_changelog.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-08-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-12-10T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2011-0202",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0202"
        },
        {
          "name": "45210",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/45210"
        },
        {
          "name": "MDVSA-2011:033",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:033"
        },
        {
          "name": "USN-1047-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1047-1"
        },
        {
          "name": "43004",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43004"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://awstats.sourceforge.net/docs/awstats_changelog.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-4369",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2011-0202",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0202"
            },
            {
              "name": "45210",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/45210"
            },
            {
              "name": "MDVSA-2011:033",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:033"
            },
            {
              "name": "USN-1047-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1047-1"
            },
            {
              "name": "43004",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43004"
            },
            {
              "name": "http://awstats.sourceforge.net/docs/awstats_changelog.txt",
              "refsource": "CONFIRM",
              "url": "http://awstats.sourceforge.net/docs/awstats_changelog.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-4369",
    "datePublished": "2010-12-02T16:00:00",
    "dateReserved": "2010-12-02T00:00:00",
    "dateUpdated": "2024-08-07T03:43:14.651Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"6.95\", \"matchCriteriaId\": \"D7115E25-7D97-4CEE-A1E1-A2E5029EAD92\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:awstats:awstats:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"429BAD9D-2EE5-45F9-AE64-81297CB021E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:awstats:awstats:2.1.:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EFA8E3D3-78F9-47E4-926A-014E277149BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:awstats:awstats:2.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D26C7A8E-253B-4A5D-AA43-76272DBCE5E1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:awstats:awstats:2.2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"257E78AE-01A0-47D3-89DC-034707061DEE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:awstats:awstats:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9472B294-86D2-4EA0-A5EC-528546582B41\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:awstats:awstats:3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D1FA8C0-64DF-4B52-A034-400678D086E6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:awstats:awstats:3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"39BF58B2-6895-4131-8620-8DFEE7BE4A45\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:awstats:awstats:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"255AE13F-5A3E-4A8E-B453-C9B10971E2E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:awstats:awstats:4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"81C941C8-7433-4518-B25E-987380FBD615\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:awstats:awstats:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A13B168A-5B44-48F9-891B-0BB28AD02721\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:awstats:awstats:5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1ADC1071-123D-4C66-BFEE-D140ABCD273B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:awstats:awstats:5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2E169347-2804-4DC0-9EC9-B3840C719EFA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:awstats:awstats:5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"34318EAF-8E44-49AF-87C0-A2C0BB981D62\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:awstats:awstats:5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"058FD0C7-1E3F-4EDF-B024-F9D572D78693\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:awstats:awstats:5.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"882C578E-14B6-4003-A9B2-0366F7EDCEC0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:awstats:awstats:5.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E916066B-7CB0-4111-A450-6313724D4805\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:awstats:awstats:5.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CEE32264-0980-4122-AA46-0E40D1432103\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:awstats:awstats:5.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"353361B9-864D-41E1-B4C0-337EA5373B82\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:awstats:awstats:5.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4119D0EC-66BB-4C55-80E1-6D458492E978\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:awstats:awstats:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1C5DFFC3-A628-4569-9AB7-3C60C3F5DDC3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:awstats:awstats:6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B1B44AB-45F0-4E0A-8529-610C6B8934BA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:awstats:awstats:6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"312C3DA6-D34A-4566-923E-F2ECD613EF96\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:awstats:awstats:6.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"24439BBC-DEDA-4309-B8B5-78289476052B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:awstats:awstats:6.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"25550AA8-8C79-48EA-A904-896B5B00077B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:awstats:awstats:6.4_1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CEC7CE6C-5542-438C-9992-47FE411F0D70\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:awstats:awstats:6.4_1:sarge1:*:*:*:*:*:*\", \"matchCriteriaId\": \"BE110FB0-77EF-40AB-9FD7-6D1410AA1296\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:awstats:awstats:6.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E37231F4-DEC9-46A7-8686-9B3C710CA396\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:awstats:awstats:6.5_1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C4C9F6F9-04C8-4169-B779-3195E31B8616\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:awstats:awstats:6.5_1.857:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2DB81DA1-ACDD-43DC-BA06-E10DE98BE698\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:awstats:awstats:6.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D01C869D-EB1E-4204-A445-FBE28608321C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:awstats:awstats:6.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"617FF6E9-7C2C-48B4-B590-7F0E33367311\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:awstats:awstats:6.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FBA8DE50-16FC-4CC5-A0CE-9C7C4858285A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:awstats:awstats:6.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2AF1AC45-C46E-4A60-B1D9-B972E838E5AC\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de salto de directorio en AWStats anterior a v7.0 permite a atacantes remotos tener un impacto no especificado a trav\\u00e9s directorio LoadPlugin especialmente manipulado.\"}]",
      "id": "CVE-2010-4369",
      "lastModified": "2024-11-21T01:20:47.923",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:N\", \"baseScore\": 6.4, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2010-12-02T16:22:21.910",
      "references": "[{\"url\": \"http://awstats.sourceforge.net/docs/awstats_changelog.txt\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/43004\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2011:033\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/45210\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-1047-1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0202\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://awstats.sourceforge.net/docs/awstats_changelog.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/43004\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2011:033\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/45210\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-1047-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0202\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-4369\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-12-02T16:22:21.910\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de salto de directorio en AWStats anterior a v7.0 permite a atacantes remotos tener un impacto no especificado a trav\u00e9s directorio LoadPlugin especialmente manipulado.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:N\",\"baseScore\":6.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.95\",\"matchCriteriaId\":\"D7115E25-7D97-4CEE-A1E1-A2E5029EAD92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:awstats:awstats:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"429BAD9D-2EE5-45F9-AE64-81297CB021E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:awstats:awstats:2.1.:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFA8E3D3-78F9-47E4-926A-014E277149BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:awstats:awstats:2.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D26C7A8E-253B-4A5D-AA43-76272DBCE5E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:awstats:awstats:2.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"257E78AE-01A0-47D3-89DC-034707061DEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:awstats:awstats:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9472B294-86D2-4EA0-A5EC-528546582B41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:awstats:awstats:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D1FA8C0-64DF-4B52-A034-400678D086E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:awstats:awstats:3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39BF58B2-6895-4131-8620-8DFEE7BE4A45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:awstats:awstats:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"255AE13F-5A3E-4A8E-B453-C9B10971E2E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:awstats:awstats:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81C941C8-7433-4518-B25E-987380FBD615\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:awstats:awstats:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A13B168A-5B44-48F9-891B-0BB28AD02721\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:awstats:awstats:5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1ADC1071-123D-4C66-BFEE-D140ABCD273B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:awstats:awstats:5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E169347-2804-4DC0-9EC9-B3840C719EFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:awstats:awstats:5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34318EAF-8E44-49AF-87C0-A2C0BB981D62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:awstats:awstats:5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"058FD0C7-1E3F-4EDF-B024-F9D572D78693\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:awstats:awstats:5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"882C578E-14B6-4003-A9B2-0366F7EDCEC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:awstats:awstats:5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E916066B-7CB0-4111-A450-6313724D4805\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:awstats:awstats:5.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEE32264-0980-4122-AA46-0E40D1432103\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:awstats:awstats:5.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"353361B9-864D-41E1-B4C0-337EA5373B82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:awstats:awstats:5.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4119D0EC-66BB-4C55-80E1-6D458492E978\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:awstats:awstats:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C5DFFC3-A628-4569-9AB7-3C60C3F5DDC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:awstats:awstats:6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B1B44AB-45F0-4E0A-8529-610C6B8934BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:awstats:awstats:6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"312C3DA6-D34A-4566-923E-F2ECD613EF96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:awstats:awstats:6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24439BBC-DEDA-4309-B8B5-78289476052B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:awstats:awstats:6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25550AA8-8C79-48EA-A904-896B5B00077B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:awstats:awstats:6.4_1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEC7CE6C-5542-438C-9992-47FE411F0D70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:awstats:awstats:6.4_1:sarge1:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE110FB0-77EF-40AB-9FD7-6D1410AA1296\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:awstats:awstats:6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E37231F4-DEC9-46A7-8686-9B3C710CA396\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:awstats:awstats:6.5_1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4C9F6F9-04C8-4169-B779-3195E31B8616\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:awstats:awstats:6.5_1.857:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DB81DA1-ACDD-43DC-BA06-E10DE98BE698\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:awstats:awstats:6.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D01C869D-EB1E-4204-A445-FBE28608321C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:awstats:awstats:6.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"617FF6E9-7C2C-48B4-B590-7F0E33367311\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:awstats:awstats:6.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBA8DE50-16FC-4CC5-A0CE-9C7C4858285A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:awstats:awstats:6.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AF1AC45-C46E-4A60-B1D9-B972E838E5AC\"}]}]}],\"references\":[{\"url\":\"http://awstats.sourceforge.net/docs/awstats_changelog.txt\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/43004\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2011:033\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/45210\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1047-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0202\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://awstats.sourceforge.net/docs/awstats_changelog.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/43004\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2011:033\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/45210\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1047-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0202\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2010-4369

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory.

Aliases

CVE-2010-4369

Aliases

CVE-2010-4369

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-4369",
    "description": "Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory.",
    "id": "GSD-2010-4369"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-4369"
      ],
      "details": "Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory.",
      "id": "GSD-2010-4369",
      "modified": "2023-12-13T01:21:30.485891Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2010-4369",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2011-0202",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/0202"
          },
          {
            "name": "45210",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/45210"
          },
          {
            "name": "MDVSA-2011:033",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:033"
          },
          {
            "name": "USN-1047-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-1047-1"
          },
          {
            "name": "43004",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/43004"
          },
          {
            "name": "http://awstats.sourceforge.net/docs/awstats_changelog.txt",
            "refsource": "CONFIRM",
            "url": "http://awstats.sourceforge.net/docs/awstats_changelog.txt"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:awstats:awstats:2.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:awstats:awstats:6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:awstats:awstats:2.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:awstats:awstats:6.5_1.857:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:awstats:awstats:5.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:awstats:awstats:5.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:awstats:awstats:5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:awstats:awstats:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:awstats:awstats:3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:awstats:awstats:6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:awstats:awstats:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:awstats:awstats:6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:awstats:awstats:6.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:awstats:awstats:6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:awstats:awstats:5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:awstats:awstats:5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:awstats:awstats:6.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:awstats:awstats:6.4_1:sarge1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:awstats:awstats:6.4_1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:awstats:awstats:4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:awstats:awstats:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:awstats:awstats:5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:awstats:awstats:5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:awstats:awstats:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.95",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:awstats:awstats:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:awstats:awstats:6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:awstats:awstats:2.1.:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:awstats:awstats:6.5_1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:awstats:awstats:6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:awstats:awstats:6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:awstats:awstats:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:awstats:awstats:5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:awstats:awstats:5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-4369"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://awstats.sourceforge.net/docs/awstats_changelog.txt",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://awstats.sourceforge.net/docs/awstats_changelog.txt"
            },
            {
              "name": "45210",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/45210"
            },
            {
              "name": "ADV-2011-0202",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2011/0202"
            },
            {
              "name": "43004",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/43004"
            },
            {
              "name": "USN-1047-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-1047-1"
            },
            {
              "name": "MDVSA-2011:033",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:033"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2011-02-23T06:47Z",
      "publishedDate": "2010-12-02T16:22Z"
    }
  }
}

CERTA-2010-AVI-579

Vulnerability from certfr_avis - Published: - Updated:

Des vulnérabilités affectent AWStats dont certaines permettent à un utilisateur malveillant d'exécuter du code à distance.

Description

Des vulnérabilités affectent AWStats :

l'acceptation par awstat.cgi d'un chemin vers un fichier de configuration dans l'adresse réticulaire (URL) permet à un utilisateur malveillant d'exécuter du code à distance au moyen d'un fichier de configuration malveillant dans un répertoire NFS ou WebDAV ;
le même problème est également présent sous Windows avec les fichiers partagés ;
l'utilisation de LoadPlugin permet à un utilisateur malveillant de parcourir une partie non autorisée de l'arborescence des fichiers.

Solution

La version 7.0 d'AWStats corrige ces problèmes.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

AWStats 6.95 et versions antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Note de vulnérabilité de l'US-CERT VU#870532 du 30 novembre 2010	None	vendor-advisory
Note de vulnérabilité de l'US-CERT VU#870532 du 30 novembre 2010 :	-	other
Site de téléchargement du projet AWStats :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eAWStats 6.95 et versions ant\u00e9rieures.\u003c/p\u003e",
  "content": "## Description\n\nDes vuln\u00e9rabilit\u00e9s affectent AWStats\u00a0:\n\n-   l\u0027acceptation par awstat.cgi d\u0027un chemin vers un fichier de\n    configuration dans l\u0027adresse r\u00e9ticulaire (URL) permet \u00e0 un\n    utilisateur malveillant d\u0027ex\u00e9cuter du code \u00e0 distance au moyen d\u0027un\n    fichier de configuration malveillant dans un r\u00e9pertoire NFS ou\n    WebDAV\u00a0;\n-   le m\u00eame probl\u00e8me est \u00e9galement pr\u00e9sent sous Windows avec les\n    fichiers partag\u00e9s\u00a0;\n-   l\u0027utilisation de LoadPlugin permet \u00e0 un utilisateur malveillant de\n    parcourir une partie non autoris\u00e9e de l\u0027arborescence des fichiers.\n\n## Solution\n\nLa version 7.0 d\u0027AWStats corrige ces probl\u00e8mes.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-4369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4369"
    },
    {
      "name": "CVE-2010-4368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4368"
    },
    {
      "name": "CVE-2010-4367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4367"
    }
  ],
  "links": [
    {
      "title": "Note de vuln\u00e9rabilit\u00e9 de l\u0027US-CERT VU#870532 du 30 novembre    2010 :",
      "url": "http://www.kb.cert.org/vuls/id/870532"
    },
    {
      "title": "Site de t\u00e9l\u00e9chargement du projet AWStats :",
      "url": "http://awstats.sourceforge.net"
    }
  ],
  "reference": "CERTA-2010-AVI-579",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-12-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Des vuln\u00e9rabilit\u00e9s affectent AWStats dont certaines permettent \u00e0 un\nutilisateur malveillant d\u0027ex\u00e9cuter du code \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans AWStats",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Note de vuln\u00e9rabilit\u00e9 de l\u0027US-CERT VU#870532 du 30 novembre 2010",
      "url": null
    }
  ]
}

CERTA-2010-AVI-579

Vulnerability from certfr_avis - Published: - Updated:

Des vulnérabilités affectent AWStats dont certaines permettent à un utilisateur malveillant d'exécuter du code à distance.

Description

Des vulnérabilités affectent AWStats :

l'acceptation par awstat.cgi d'un chemin vers un fichier de configuration dans l'adresse réticulaire (URL) permet à un utilisateur malveillant d'exécuter du code à distance au moyen d'un fichier de configuration malveillant dans un répertoire NFS ou WebDAV ;
le même problème est également présent sous Windows avec les fichiers partagés ;
l'utilisation de LoadPlugin permet à un utilisateur malveillant de parcourir une partie non autorisée de l'arborescence des fichiers.

Solution

La version 7.0 d'AWStats corrige ces problèmes.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

AWStats 6.95 et versions antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Note de vulnérabilité de l'US-CERT VU#870532 du 30 novembre 2010	None	vendor-advisory
Note de vulnérabilité de l'US-CERT VU#870532 du 30 novembre 2010 :	-	other
Site de téléchargement du projet AWStats :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eAWStats 6.95 et versions ant\u00e9rieures.\u003c/p\u003e",
  "content": "## Description\n\nDes vuln\u00e9rabilit\u00e9s affectent AWStats\u00a0:\n\n-   l\u0027acceptation par awstat.cgi d\u0027un chemin vers un fichier de\n    configuration dans l\u0027adresse r\u00e9ticulaire (URL) permet \u00e0 un\n    utilisateur malveillant d\u0027ex\u00e9cuter du code \u00e0 distance au moyen d\u0027un\n    fichier de configuration malveillant dans un r\u00e9pertoire NFS ou\n    WebDAV\u00a0;\n-   le m\u00eame probl\u00e8me est \u00e9galement pr\u00e9sent sous Windows avec les\n    fichiers partag\u00e9s\u00a0;\n-   l\u0027utilisation de LoadPlugin permet \u00e0 un utilisateur malveillant de\n    parcourir une partie non autoris\u00e9e de l\u0027arborescence des fichiers.\n\n## Solution\n\nLa version 7.0 d\u0027AWStats corrige ces probl\u00e8mes.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-4369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4369"
    },
    {
      "name": "CVE-2010-4368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4368"
    },
    {
      "name": "CVE-2010-4367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4367"
    }
  ],
  "links": [
    {
      "title": "Note de vuln\u00e9rabilit\u00e9 de l\u0027US-CERT VU#870532 du 30 novembre    2010 :",
      "url": "http://www.kb.cert.org/vuls/id/870532"
    },
    {
      "title": "Site de t\u00e9l\u00e9chargement du projet AWStats :",
      "url": "http://awstats.sourceforge.net"
    }
  ],
  "reference": "CERTA-2010-AVI-579",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-12-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Des vuln\u00e9rabilit\u00e9s affectent AWStats dont certaines permettent \u00e0 un\nutilisateur malveillant d\u0027ex\u00e9cuter du code \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans AWStats",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Note de vuln\u00e9rabilit\u00e9 de l\u0027US-CERT VU#870532 du 30 novembre 2010",
      "url": null
    }
  ]
}

GHSA-V355-J978-C759

Vulnerability from github – Published: 2022-05-17 05:43 – Updated: 2022-05-17 05:43

Details

Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-4369"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-12-02T16:22:00Z",
    "severity": "MODERATE"
  },
  "details": "Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory.",
  "id": "GHSA-v355-j978-c759",
  "modified": "2022-05-17T05:43:22Z",
  "published": "2022-05-17T05:43:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4369"
    },
    {
      "type": "WEB",
      "url": "http://awstats.sourceforge.net/docs/awstats_changelog.txt"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/43004"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:033"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/45210"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-1047-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0202"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2010-4369

Vulnerability from fkie_nvd - Published: 2010-12-02 16:22 - Updated: 2025-04-11 00:51

Severity ?

Summary

Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory.

References

	URL	Tags
	cve@mitre.org	http://awstats.sourceforge.net/docs/awstats_changelog.txt
	cve@mitre.org	http://secunia.com/advisories/43004
	cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2011:033
	cve@mitre.org	http://www.securityfocus.com/bid/45210
	cve@mitre.org	http://www.ubuntu.com/usn/USN-1047-1
	cve@mitre.org	http://www.vupen.com/english/advisories/2011/0202
	af854a3a-2127-422b-91ae-364da2661108	http://awstats.sourceforge.net/docs/awstats_changelog.txt
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/43004
	af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2011:033
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/45210
	af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1047-1
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0202

Impacted products

Vendor	Product	Version
awstats	awstats	*
awstats	awstats	1.0
awstats	awstats	2.1.
awstats	awstats	2.2.3
awstats	awstats	2.2.4
awstats	awstats	3.0
awstats	awstats	3.1
awstats	awstats	3.2
awstats	awstats	4.0
awstats	awstats	4.1
awstats	awstats	5.0
awstats	awstats	5.1
awstats	awstats	5.2
awstats	awstats	5.3
awstats	awstats	5.4
awstats	awstats	5.5
awstats	awstats	5.6
awstats	awstats	5.7
awstats	awstats	5.8
awstats	awstats	5.9
awstats	awstats	6.0
awstats	awstats	6.1
awstats	awstats	6.2
awstats	awstats	6.3
awstats	awstats	6.4
awstats	awstats	6.4_1
awstats	awstats	6.4_1
awstats	awstats	6.5
awstats	awstats	6.5_1
awstats	awstats	6.5_1.857
awstats	awstats	6.6
awstats	awstats	6.7
awstats	awstats	6.8
awstats	awstats	6.9

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7115E25-7D97-4CEE-A1E1-A2E5029EAD92",
              "versionEndIncluding": "6.95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:awstats:awstats:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "429BAD9D-2EE5-45F9-AE64-81297CB021E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:awstats:awstats:2.1.:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFA8E3D3-78F9-47E4-926A-014E277149BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:awstats:awstats:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D26C7A8E-253B-4A5D-AA43-76272DBCE5E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:awstats:awstats:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "257E78AE-01A0-47D3-89DC-034707061DEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:awstats:awstats:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9472B294-86D2-4EA0-A5EC-528546582B41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:awstats:awstats:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D1FA8C0-64DF-4B52-A034-400678D086E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:awstats:awstats:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "39BF58B2-6895-4131-8620-8DFEE7BE4A45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:awstats:awstats:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "255AE13F-5A3E-4A8E-B453-C9B10971E2E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:awstats:awstats:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "81C941C8-7433-4518-B25E-987380FBD615",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:awstats:awstats:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A13B168A-5B44-48F9-891B-0BB28AD02721",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:awstats:awstats:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ADC1071-123D-4C66-BFEE-D140ABCD273B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:awstats:awstats:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E169347-2804-4DC0-9EC9-B3840C719EFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:awstats:awstats:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "34318EAF-8E44-49AF-87C0-A2C0BB981D62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:awstats:awstats:5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "058FD0C7-1E3F-4EDF-B024-F9D572D78693",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:awstats:awstats:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "882C578E-14B6-4003-A9B2-0366F7EDCEC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:awstats:awstats:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E916066B-7CB0-4111-A450-6313724D4805",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:awstats:awstats:5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEE32264-0980-4122-AA46-0E40D1432103",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:awstats:awstats:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "353361B9-864D-41E1-B4C0-337EA5373B82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:awstats:awstats:5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "4119D0EC-66BB-4C55-80E1-6D458492E978",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:awstats:awstats:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C5DFFC3-A628-4569-9AB7-3C60C3F5DDC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:awstats:awstats:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B1B44AB-45F0-4E0A-8529-610C6B8934BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:awstats:awstats:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "312C3DA6-D34A-4566-923E-F2ECD613EF96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:awstats:awstats:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "24439BBC-DEDA-4309-B8B5-78289476052B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:awstats:awstats:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "25550AA8-8C79-48EA-A904-896B5B00077B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:awstats:awstats:6.4_1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEC7CE6C-5542-438C-9992-47FE411F0D70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:awstats:awstats:6.4_1:sarge1:*:*:*:*:*:*",
              "matchCriteriaId": "BE110FB0-77EF-40AB-9FD7-6D1410AA1296",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:awstats:awstats:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E37231F4-DEC9-46A7-8686-9B3C710CA396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:awstats:awstats:6.5_1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4C9F6F9-04C8-4169-B779-3195E31B8616",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:awstats:awstats:6.5_1.857:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DB81DA1-ACDD-43DC-BA06-E10DE98BE698",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:awstats:awstats:6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D01C869D-EB1E-4204-A445-FBE28608321C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:awstats:awstats:6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "617FF6E9-7C2C-48B4-B590-7F0E33367311",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:awstats:awstats:6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBA8DE50-16FC-4CC5-A0CE-9C7C4858285A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:awstats:awstats:6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AF1AC45-C46E-4A60-B1D9-B972E838E5AC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en AWStats anterior a v7.0 permite a atacantes remotos tener un impacto no especificado a trav\u00e9s directorio LoadPlugin especialmente manipulado."
    }
  ],
  "id": "CVE-2010-4369",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-12-02T16:22:21.910",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://awstats.sourceforge.net/docs/awstats_changelog.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/43004"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:033"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/45210"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-1047-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2011/0202"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://awstats.sourceforge.net/docs/awstats_changelog.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/43004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:033"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/45210"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1047-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0202"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-4369 (GCVE-0-2010-4369)

GSD-2010-4369

CERTA-2010-AVI-579

Description

Solution

CERTA-2010-AVI-579

Description

Solution

GHSA-V355-J978-C759

FKIE_CVE-2010-4369

Tags

Sightings

Nomenclature