MDVSA-2009:266
- Package name: awstats
- Date: 2009-10-09
- Advisory ID: MDVSA-2009:266
- Affected versions: CS4.0 x86_64, MES5 i586, CS4.0 i586, MES5 x86_64
Problem description
A vulnerability has been found and corrected in awstats:
awstats.pl in AWStats 6.8 and earlier does not properly remove quote
characters, which allows remote attackers to conduct cross-site
scripting (XSS) attacks via the query_string parameter. NOTE:
this issue exists because of an incomplete fix for CVE-2008-3714
(CVE-2008-5080).
This update fixes this vulnerability.
Updated packages
CS4.0 x86_64
c96b5745505285c7ae80a798397d3efa corporate/4.0/x86_64/awstats-6.4-4.2.20060mlcs4.noarch.rpm
aad43ac08b36f39640ba196b379a51b3 corporate/4.0/SRPMS/awstats-6.4-4.2.20060mlcs4.src.rpm
MES5 i586
0c9d48d0a9654b3b70d0c744a3f7cb3b mes5/i586/awstats-6.8-1.1mdvmes5.noarch.rpm
045a91a40fe4dcded24395be72aa802e mes5/SRPMS/awstats-6.8-1.1mdvmes5.src.rpm
CS4.0 i586
9e3e4e52928adf8f7dac28b092a2a256 corporate/4.0/i586/awstats-6.4-4.2.20060mlcs4.noarch.rpm
aad43ac08b36f39640ba196b379a51b3 corporate/4.0/SRPMS/awstats-6.4-4.2.20060mlcs4.src.rpm
MES5 x86_64
135bbfe9935bf15700276fecc491764a mes5/x86_64/awstats-6.8-1.1mdvmes5.noarch.rpm
045a91a40fe4dcded24395be72aa802e mes5/SRPMS/awstats-6.8-1.1mdvmes5.src.rpm
