CVE-2005-1527

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2005-1527
Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://secunia.com/advisories/16412 Broken Link Patch Vendor Advisory
http://secunia.com/advisories/17463 Broken Link
http://securitytracker.com/id?1014636 Broken Link Patch Third Party Advisory VDB Entry
http://www.debian.org/security/2005/dsa-892 Mailing List Third Party Advisory
http://www.idefense.com/application/poi/display?id=290&type=vulnerabilities&flashstatus=false Broken Link
http://www.novell.com/linux/security/advisories/2005_19_sr.html Broken Link
http://www.osvdb.org/18696 Broken Link Patch
http://www.securiteam.com/unixfocus/5DP0J00GKE.html Broken Link Vendor Advisory
http://www.securityfocus.com/bid/14525 Broken Link Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/21769 Third Party Advisory VDB Entry
https://usn.ubuntu.com/167-1/ Broken Link
Configurations

Configuration 1 (hide)

cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
History

14 Feb 2024, 16:58

Type Values Removed Values Added
CWE NVD-CWE-Other CWE-94
First Time Debian
Canonical
Canonical ubuntu Linux
Debian debian Linux
CPE cpe:2.3:a:awstats:awstats:6.3:*:*:*:*:*:*:*
cpe:2.3:a:awstats:awstats:5.1:*:*:*:*:*:*:*
cpe:2.3:a:awstats:awstats:6.1:*:*:*:*:*:*:*
cpe:2.3:a:awstats:awstats:6.0:*:*:*:*:*:*:*
cpe:2.3:a:awstats:awstats:5.6:*:*:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:i386:*:*:*:*:*
cpe:2.3:a:awstats:awstats:5.3:*:*:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:amd64:*:*:*:*:*
cpe:2.3:a:awstats:awstats:6.2:*:*:*:*:*:*:*
cpe:2.3:a:awstats:awstats:5.4:*:*:*:*:*:*:*
cpe:2.3:a:awstats:awstats:5.9:*:*:*:*:*:*:*
cpe:2.3:a:awstats:awstats:5.8:*:*:*:*:*:*:*
cpe:2.3:a:awstats:awstats:5.0:*:*:*:*:*:*:*
cpe:2.3:a:awstats:awstats:5.7:*:*:*:*:*:*:*
cpe:2.3:a:awstats:awstats:5.2:*:*:*:*:*:*:*
cpe:2.3:a:awstats:awstats:5.5:*:*:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:powerpc:*:*:*:*:*		 cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
References (IDEFENSE) http://www.idefense.com/application/poi/display?id=290&type=vulnerabilities&flashstatus=false - (IDEFENSE) http://www.idefense.com/application/poi/display?id=290&type=vulnerabilities&flashstatus=false - Broken Link
References (SECUNIA) http://secunia.com/advisories/16412 - Patch, Vendor Advisory (SECUNIA) http://secunia.com/advisories/16412 - Broken Link, Patch, Vendor Advisory
References (UBUNTU) https://usn.ubuntu.com/167-1/ - (UBUNTU) https://usn.ubuntu.com/167-1/ - Broken Link
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/21769 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/21769 - Third Party Advisory, VDB Entry
References (BID) http://www.securityfocus.com/bid/14525 - (BID) http://www.securityfocus.com/bid/14525 - Broken Link, Third Party Advisory, VDB Entry
References (DEBIAN) http://www.debian.org/security/2005/dsa-892 - (DEBIAN) http://www.debian.org/security/2005/dsa-892 - Mailing List, Third Party Advisory
References (SECTRACK) http://securitytracker.com/id?1014636 - Patch (SECTRACK) http://securitytracker.com/id?1014636 - Broken Link, Patch, Third Party Advisory, VDB Entry
References (SUSE) http://www.novell.com/linux/security/advisories/2005_19_sr.html - (SUSE) http://www.novell.com/linux/security/advisories/2005_19_sr.html - Broken Link
References (SECUNIA) http://secunia.com/advisories/17463 - (SECUNIA) http://secunia.com/advisories/17463 - Broken Link
References (OSVDB) http://www.osvdb.org/18696 - Patch (OSVDB) http://www.osvdb.org/18696 - Broken Link, Patch
References (MISC) http://www.securiteam.com/unixfocus/5DP0J00GKE.html - Vendor Advisory (MISC) http://www.securiteam.com/unixfocus/5DP0J00GKE.html - Broken Link, Vendor Advisory
Information

Published : 2005-08-15 04:00

Updated : 2024-02-28 10:42

NVD link : CVE-2005-1527

Mitre link : CVE-2005-1527

CVE.ORG link : CVE-2005-1527

JSON object : View

Products Affected

debian

  • debian_linux

awstats

  • awstats

canonical

  • ubuntu_linux
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')