Support / Security / Advisories / Corporate Server 4.0 / MDVSA-2008:203

Package name: awstats
Date: 2008-09-23
Advisory ID: MDVSA-2008:203
Affected versions: CS4.0 x86_64 , CS4.0 i586

Problem description

A cross-site scripting (XSS) vulnerability was found in AWStats that
allowed remote attackers to inject arbitrary web script or HTML via
the query_string (CVE-2008-3714).

The updated packages have been patched to prevent this issue.

Updated packages

CS4.0 x86_64

 7d93335f21a8825e72bf88211ae50695  corporate/4.0/x86_64/awstats-6.4-4.1.20060mlcs4.noarch.rpm 
 cbeea61a4e0c77736931bfdb947a73e7  corporate/4.0/SRPMS/awstats-6.4-4.1.20060mlcs4.src.rpm

CS4.0 i586

 c71882fb1113bea7adf3f31a2947bb78  corporate/4.0/i586/awstats-6.4-4.1.20060mlcs4.noarch.rpm 
 cbeea61a4e0c77736931bfdb947a73e7  corporate/4.0/SRPMS/awstats-6.4-4.1.20060mlcs4.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3714