CVE-2005-0435
published 2005-05-02CVE-2005-0435: awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to rawlog.
PriorityP431medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
7.36%
93.6th percentile
awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to rawlog.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| awstats | awstats | — | — |
| awstats | awstats | — | — |
| awstats | awstats | >= 0 < 6.3-1 | 6.3-1 |
| awstats | awstats | >= 0 < 6.3-1 | 6.3-1 |
| awstats | awstats | >= 0 < 6.3-1 | 6.3-1 |
| awstats | awstats | >= 0 < 6.3-1 | 6.3-1 |
| debian | awstats | < awstats 6.3-1 (bookworm) | awstats 6.3-1 (bookworm) |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv5.0MEDIUM
vendor_debian5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2005-0435: awstats - awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web log...
vendor_debian·2005·CVSS 5.0
CVE-2005-0435 [MEDIUM] CVE-2005-0435: awstats - awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web log...
awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to rawlog.
Scope: local
bookworm: resolved (fixed in 6.3-1)
bullseye: resolved (fixed in 6.3-1)
forky: resolved (fixed in 6.3-1)
sid: resolved (fixed in 6.3-1)
trixie: resolved (fixed in 6.3-1)
GHSA
GHSA-vrvm-7gw5-cw9h: awstats
ghsa_unreviewed·2022-05-01
CVE-2005-0435 [MEDIUM] GHSA-vrvm-7gw5-cw9h: awstats
awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to rawlog.
OSV
CVE-2005-0435: awstats
osv·2005-05-02·CVSS 5.0
CVE-2005-0435 [MEDIUM] CVE-2005-0435: awstats
awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to rawlog.
No detection rules found.
No writeups or analysis indexed.
2005-05-02
Published