Fluid Attacks Database

Description

A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining the full path of the server, a similar issue to CVE-2006-3682. The attack can, for example, use the awstats.pl framename and update parameters.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version
debian 11	awstats	=7.8-2 \|\| =7.8-2+deb11u1 \|\| =7.8-2+deb11u2 \|\| =7.8-3 \|\| =7.8-4 \|\| =7.9-1 \|\| =8.0-1 \|\| =8.0-2 \|\| =8.0-3 \|\| =8.0-4 \|\| =8.0-5
debian 13	awstats	=7.9-1 \|\| =7.9-1+deb13u1 \|\| =8.0-1 \|\| =8.0-2 \|\| =8.0-3 \|\| =8.0-4 \|\| =8.0-5
debian 14	awstats	=7.9-1 \|\| =8.0-1 \|\| =8.0-2 \|\| =8.0-3 \|\| =8.0-4 \|\| =8.0-5
debian 12	awstats	=7.8-3 \|\| =7.8-3+deb12u1 \|\| =7.8-3+deb12u2 \|\| =7.8-4 \|\| =7.9-1 \|\| =8.0-1 \|\| =8.0-2 \|\| =8.0-3 \|\| =8.0-4 \|\| =8.0-5

Aliases

1. CVE-2018-102452. NVD-2018-102453. OSV-DEBIAN-2018-102454. OSV-2018-102455. SECURITY-TRACKER-CVE-2018-10245

References

1. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-10245.yaml

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.