kpriv/freebsd-ports
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

security/vuxml: Document vulnerability in www/awstats

Browse source 
Security:	CVE-2017-1000501

PR:		225007
Reported by:	Vidar Karlsen <vidar@karlsen.tech>
This commit is contained in:
Danilo G. Baio 2018-01-08 23:03:54 +00:00
parent a621446346
commit 625cafb5d0
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=458494
1 changed files with 29 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
security/vuxml/vuln.xml
View file

@ -58,6 +58,35 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.) * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
--> -->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
<vuln vid="4055aee5-f4c6-11e7-95f2-005056925db4">
<topic>awstats -- remote code execution</topic>
<affects>
<package>
<name>awstats</name>
<range><lt>7.7,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Mitre reports:</p>
<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000501">
<p>Awstats version 7.6 and earlier is vulnerable to a path traversal
flaw in the handling of the "config" and "migrate" parameters resulting
in unauthenticated remote code execution.</p>
</blockquote>
</body>
</description>
<references>
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000501</url>
<cvename>CVE-2017-1000501</cvename>
<freebsdpr>ports/225007</freebsdpr>
</references>
<dates>
<discovery>2018-01-03</discovery>
<entry>2018-01-08</entry>
</dates>
</vuln>
<vuln vid="a3764767-f31e-11e7-95f2-005056925db4"> <vuln vid="a3764767-f31e-11e7-95f2-005056925db4">
<topic>irssi -- multiple vulnerabilities</topic> <topic>irssi -- multiple vulnerabilities</topic>
<affects> <affects>