CVE-2009-5020
published 2010-12-02CVE-2009-5020: Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks…
PriorityP423medium5.8CVSS 2.0
AVNACMAuNCNIPAP
EXPLOIT
EPSS
3.49%
87.7th percentile
Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Affected
34 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| awstats | awstats | <= 6.9 | — |
| awstats | awstats | — | — |
| awstats | awstats | — | — |
| awstats | awstats | — | — |
| awstats | awstats | — | — |
| awstats | awstats | — | — |
| awstats | awstats | — | — |
| awstats | awstats | — | — |
| awstats | awstats | — | — |
| awstats | awstats | — | — |
| awstats | awstats | — | — |
| awstats | awstats | — | — |
| awstats | awstats | — | — |
| awstats | awstats | — | — |
| awstats | awstats | — | — |
| awstats | awstats | — | — |
| awstats | awstats | — | — |
| awstats | awstats | — | — |
| awstats | awstats | — | — |
| awstats | awstats | — | — |
| awstats | awstats | — | — |
| awstats | awstats | — | — |
| awstats | awstats | — | — |
| awstats | awstats | — | — |
| awstats | awstats | — | — |
CVSS provenance
nvdv2.05.8MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:P
osv5.8MEDIUM
vendor_debian5.8LOW
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2009-5020: awstats - Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote a...
vendor_debian·2009·CVSS 5.8
CVE-2009-5020 [MEDIUM] CVE-2009-5020: awstats - Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote a...
Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Scope: local
bookworm: resolved (fixed in 6.9.5~dfsg-1)
bullseye: resolved (fixed in 6.9.5~dfsg-1)
forky: resolved (fixed in 6.9.5~dfsg-1)
sid: resolved (fixed in 6.9.5~dfsg-1)
trixie: resolved (fixed in 6.9.5~dfsg-1)
GHSA
GHSA-wh75-j83p-2h8c: Open redirect vulnerability in awredir
ghsa_unreviewed·2022-05-02
CVE-2009-5020 [MEDIUM] CWE-20 GHSA-wh75-j83p-2h8c: Open redirect vulnerability in awredir
Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
OSV
CVE-2009-5020: Open redirect vulnerability in awredir
osv·2010-12-02·CVSS 5.8
CVE-2009-5020 [MEDIUM] CVE-2009-5020: Open redirect vulnerability in awredir
Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
No detection rules found.
Nuclei
AWStats < 6.95 - Open Redirect
nuclei·CVSS 5.8
CVE-2009-5020 [MEDIUM] AWStats < 6.95 - Open Redirect
AWStats < 6.95 - Open Redirect
An open redirect vulnerability in awredir.pl in AWStats < 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Template:
id: CVE-2009-5020
info:
name: AWStats < 6.95 - Open Redirect
author: pdteam
severity: medium
description: An open redirect vulnerability in awredir.pl in AWStats < 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
impact: |
Allows attackers to redirect users to malicious websites or phishing pages.
remediation: Apply all relevant security patches and product upgrades.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2009-5020
- http://awstats.sourceforge.net/docs/awstats_changelog.txt
- https:
2010-12-02
Published