Apache2Triad Help, Support and Development Forum Index Search Profile Log in to check your private messages Log in Register Memberlist Attachments Statistics Crew/Ranks Archive
 New bug in awstats?
Google
Post new topic Reply to topic
Author Message
Criminal
 
 


Joined: 28 Apr 2004
Posts: 72

PostPosted: Mon Mar 28, 2005 10:06 pm Reply with quoteBack to top

Code:
Warning, a security hole was recently found in old AWStats versions (from 5.0 to 6.3) when AWStats is used as a CGI: A remote user can execute arbitrary commands on your server using permissions of your web server user (in most cases user "nobody").
If you use AWStats with a recent version or if AWStats is not available as a CGI, you are safe. If not, it is highly recommanded to upgrade to 6.4 version that fix all known security holes.

Does this effect the one we use now?
View user's profileSend private messageSend e-mail
Vlad Alexa Mancini
lead developer
lead developer


Joined: 07 Jul 2003
Posts: 1539

PostPosted: Mon Mar 28, 2005 10:20 pm Reply with quoteBack to top

well i do not know , what do you use now ? in apache2triad you can find the awstats version number in its readme between other places

also i do not know if you give your password away or remove the default password protection for the awstats directory , only the ones that know it can access it heh
View user's profileSend private message
LiquidSnake
past contributor
past contributor


Joined: 23 May 2004
Posts: 267
Location: Middlesboro, KY

PostPosted: Tue Mar 29, 2005 10:27 pm Reply with quoteBack to top

Quote:
AWStats 6.3 (1.5.1)


from the docs, since apache2triad 1.5.1 (edge) release uses 6.3.
View user's profileSend private messageSend e-mailYahoo Messenger
Display posts from previous:      
Post new topic Reply to topic


 Jump to:   



View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum
Powered by phpBB © 2001, 2002 phpBB Group :: FI Theme
All times are GMT