[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?
From: K-OTiK Security <Special-Alerts@xxxxxxxxxx>
Date: 16 Feb 2005 07:45:22 -0000

In-Reply-To: <42126DAD.7090704@xxxxxxxxxxx>


6.4 was released on 2005-02-14 13:13

Fixes:
- Fix security hole that allowed a user to read log file content even
  when plugin rawlog was not enabled.
- Fix a possible use of AWStats for a DoS attack.
- configdir option was broken on windows servers.
- Minor fixes

Regards
K-OTik Security Research & Monitoring Team 24/7
http://www.k-otik.com/english



>Still no dice on 6.3, even with the "config=www.site.org" etc,etc.. same 
>error. So.. Can we all agree that 6.3 is not vulnerable, because I'd 
>rather not upgrade to a dev/unstable release for no reason...
>
>regards,
>jamie

Prev by Date: Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
Next by Date: MDKSA-2005:038 - Updated emacs/xemacs packages fix vulnerability
Previous by thread: RE: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?
Next by thread: RE: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?
Index(es):
- Date
- Thread