oss-sec mailing list archives

Re: CVE request: awstats before 7.1 awredir.pl vulnerability


From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 25 Oct 2012 23:45:13 -0600

On 10/25/2012 03:07 AM, Hanno Böck wrote:
> http://awstats.sourceforge.net/docs/awstats_changelog.txt -
> Security fix into awredir.pl
>
> I didn't find any more info, but please assign a CVE. (and I found
> there were awredir issues before that got CVE-2009-5020, but I
> think this is a different issue, at least if their changelogs are
> correct)

Please use CVE-2012-4547 for this issue.

One question, in CVE-2009-5020 (the last Awstats open redirect): Steve:

CONFIRM:http://awstats.sourceforge.net/docs/awstats_changelog.txt

Is it possible to include more information in the references like a
line of text or the data it was pulled or something? I'm noticing this
more and more as I try to verify stuff, could we consider adding a
notes field or something?

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
