Bugtraq mailing list archives
Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?
From: K-OTiK Security <Special-Alerts () k-otik com>
Date: 16 Feb 2005 07:45:22 -0000
In-Reply-To: <42126DAD.7090704 () norwich edu> 6.4 was released on 2005-02-14 13:13 Fixes: - Fix security hole that allowed a user to read log file content even when plugin rawlog was not enabled. - Fix a possible use of AWStats for a DoS attack. - configdir option was broken on windows servers. - Minor fixes Regards K-OTik Security Research & Monitoring Team 24/7 http://www.k-otik.com/english
Still no dice on 6.3, even with the "config=www.site.org" etc,etc.. same error. So.. Can we all agree that 6.3 is not vulnerable, because I'd rather not upgrade to a dev/unstable release for no reason... regards, jamie
Current thread:
- RE: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3? William Pratt (Feb 15)
- <Possible follow-ups>
- Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3? K-OTiK Security (Feb 16)
- RE: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3? Michael Scheidell (Feb 17)
- Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3? newbug Tseng (Feb 19)