CVE-2006-2237

Name: CVE-2006-2237
Description: The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.
Source: CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
References: DSA-1058-1
NVD severity: medium (attack range: remote)
Debian Bugs: 365909, 365910
Debian/oldstable: not vulnerable.
Debian/stable: not vulnerable.
Debian/testing: not vulnerable.
Debian/unstable: not vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| awstats (PTS) | squeeze | 6.9.5~dfsg-5 | fixed |
| | wheezy | 7.0~dfsg-7 | fixed |
| | jessie, sid | 7.2+dfsg-1 | fixed |

The information above is based on the following data on fixed versions.

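| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| awstats | source | (unstable) | 6.5-2 | medium | | 365909, 365910 |
| awstats | source | sarge | 6.4-1sarge2 | medium | DSA-1058-1 | |
| awstats | source | woody | (not affected) | | DSA-1058-1 | |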
