Information on source package awstats

Available versions

ReleaseVersion
jessie7.2+dfsg-1+deb8u1
stretch7.6+dfsg-1+deb9u2
buster7.6+dfsg-2+deb10u2
bullseye7.8-2+deb11u1
bookworm7.8-3+deb12u1
trixie7.9-1
sid7.9-1

Open issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2022-46391vulnerablevulnerablefixedfixedfixedfixedfixedAWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to print ...
CVE-2020-35176vulnerablefixedfixedfixedfixedfixedfixedIn AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial a ...
CVE-2020-29600vulnerablefixedfixedfixedfixedfixedfixedIn AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute ...

Open unimportant issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2018-10245vulnerablevulnerablevulnerablevulnerablevulnerablevulnerablevulnerableA Full Path Disclosure vulnerability in AWStats through 7.6 allows rem ...

Resolved issues

BugDescription
CVE-2017-1000501Awstats version 7.6 and earlier is vulnerable to a path traversal flaw ...
CVE-2012-4547Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unkn ...
CVE-2010-4369Directory traversal vulnerability in AWStats before 7.0 allows remote ...
CVE-2010-4368awstats.cgi in AWStats before 7.0 on Windows accepts a configdir param ...
CVE-2010-4367awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the ...
CVE-2009-5020Open redirect vulnerability in awredir.pl in AWStats before 6.95 allow ...
CVE-2008-5080awstats.pl in AWStats 6.8 and earlier does not properly remove quote c ...
CVE-2008-3714Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 ...
CVE-2006-3682awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote attack ...
CVE-2006-3681Multiple cross-site scripting (XSS) vulnerabilities in awstats.pl in A ...
CVE-2006-2644AWStats 6.5, and possibly other versions, allows remote authenticated ...
CVE-2006-2237The web interface for AWStats 6.4 and 6.5, when statistics updates are ...
CVE-2006-1945Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 ...
CVE-2005-1527Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, ...
CVE-2005-0438awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain se ...
CVE-2005-0437Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 ...
CVE-2005-0436Direct code injection vulnerability in awstats.pl in AWStats 6.3 and 6 ...
CVE-2005-0435awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read serv ...
CVE-2005-0363awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to execute a ...
CVE-2005-0362awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary ...
CVE-2005-0116AWStats 6.1, and other versions before 6.3, allows remote attackers to ...

Security announcements

DSA / DLADescription
DLA-3225-1awstats - security update
DLA-2506-1awstats - security update
DSA-4092-1awstats - security update
DLA-1238-1awstats - security update
DSA-1679-1awstats - cross-site scripting
DSA-1075-1awstats - programming error
DSA-1058-1awstats - missing input sanitising
DSA-892-1awstats - missing input sanitising
DSA-682-1awstats - missing input sanitising

Search for package or bug name: Reporting problems