Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.3
CVSSv3

CVE-2020-35176

Published: 12/12/2020 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Awstats

Vulnerability Summary

In AWStats up to and including 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

awstats awstats

debian debian linux 9.0

fedoraproject fedora 32

fedoraproject fedora 33

Vendor Advisories

Debian CVElist Bug Report Logs: awstats: CVE-2020-35176
Debian Bug report logs - #977190 awstats: CVE-2020-35176 Package: src:awstats; Maintainer for src:awstats is Debian QA Group <packages@qadebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 12 Dec 2020 09:21:01 UTC Severity: important Tags: security, upstream Found in version awstats/78-1 ...
Arch Linux Issues:
In AWStats through 78, cgi-bin/awstatspl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstatsconf format NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600 ...

References

CWE-22https://github.com/eldy/awstats/issues/195https://lists.debian.org/debian-lts-announce/2020/12/msg00035.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRHYCKLW5VPM6KP2WZW6DCCVHVBG7YCW/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/47QZWKSRZYZFESYTLSW7A6KVKOOPL7IV/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977190https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000CVE-2024-4439unauthorizedCVE-2024-0042CVE-2024-31848CVE-2023-40694cache poisoningCVE-2024-23707firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook