
Mageia 7 MGASA-2021-0024 Critical: Awstats Path Traversal Attack

Mageia, January 14, 2021

Summary

It was discovered that Awstats was vulnerable to path traversal attacks. A remote unauthenticated attacker could leverage this to execute arbitrary code. The previous fix did not fully address the issue when the default /etc/awstats/awstats.conf is not present (CVE-2020-29600).

References

- https://bugs.mageia.org/show_bug.cgi?id=27920

- https://lists.debian.org/debian-lts-announce/2020/12/msg00035.html

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/47QZWKSRZYZFESYTLSW7A6KVKOOPL7IV/

- https://www.cve.org/CVERecord?id=CVE-2020-29600

Resolution

SRPMS

- 7/core/awstats-7.7-1.1.mga7

Severity
critical

Publication date: 14 Jan 2021
URL: https://advisories.mageia.org/MGASA-2021-0024.html
Type: security
CVE: CVE-2020-29600
