CVE-2010-4369

Published: Dec 2, 2010Modified: Apr 29, 2026

6.4

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability: 10.0 / Impact: 4.9

Source: NVD

Description

Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory.

Affected (34)

Products: Awstats: Awstats

1 product

Configuration A

34 vulnerable

Vulnerable Software	Affected Versions
Awstats Awstats	Up to 6.95
Awstats Awstats	Version 1.0
Awstats Awstats	Version 2.1.
Awstats Awstats	Version 2.2.3
Awstats Awstats	Version 2.2.4
Awstats Awstats	Version 3.0
Awstats Awstats	Version 3.1
Awstats Awstats	Version 3.2
Awstats Awstats	Version 4.0
Awstats Awstats	Version 4.1
Awstats Awstats	Version 5.0
Awstats Awstats	Version 5.1
Awstats Awstats	Version 5.2
Awstats Awstats	Version 5.3
Awstats Awstats	Version 5.4
Awstats Awstats	Version 5.5
Awstats Awstats	Version 5.6
Awstats Awstats	Version 5.7
Awstats Awstats	Version 5.8
Awstats Awstats	Version 5.9
Awstats Awstats	Version 6.0
Awstats Awstats	Version 6.1
Awstats Awstats	Version 6.2
Awstats Awstats	Version 6.3
Awstats Awstats	Version 6.4
Awstats Awstats	Version 6.4_1
Awstats Awstats	Version 6.4_1 sarge1
Awstats Awstats	Version 6.5
Awstats Awstats	Version 6.5_1.857
Awstats Awstats	Version 6.5_1
Awstats Awstats	Version 6.6
Awstats Awstats	Version 6.7
Awstats Awstats	Version 6.8
Awstats Awstats	Version 6.9

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (12)

http://awstats.sourceforge.net/docs/awstats_changelog.txt

Source: cve@mitre.org

http://secunia.com/advisories/43004

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2011:033

Source: cve@mitre.org

http://www.securityfocus.com/bid/45210

Source: cve@mitre.org

http://www.ubuntu.com/usn/USN-1047-1

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2011/0202

Source: cve@mitre.org

http://awstats.sourceforge.net/docs/awstats_changelog.txt

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/43004

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2011:033

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/45210

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-1047-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2011/0202

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.