Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/awstats@6.5%2Bdfsg-1%2Betch1

Type deb

Namespace debian

Name awstats

Version 6.5+dfsg-1+etch1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 7.8-3+deb12u2

Latest_non_vulnerable_version 8.0-5

Affected_by_vulnerabilities

url VCID-4mn4-kwvz-zfdr

vulnerability_id VCID-4mn4-kwvz-zfdr

summary awstats: Cross-site scripting (XSS) vulnerability

references

reference_url	http://awstats.sourceforge.net/docs/awstats_changelog.txt
reference_id
reference_type
scores
url	http://awstats.sourceforge.net/docs/awstats_changelog.txt

reference_url	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432
reference_id
reference_type
scores
url	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3714.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3714.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2008-3714

reference_id

reference_type

scores

value	0.04053
scoring_system	epss
scoring_elements	0.88528
published_at	2026-04-18T12:55:00Z

value	0.04053
scoring_system	epss
scoring_elements	0.88463
published_at	2026-04-01T12:55:00Z

value	0.04053
scoring_system	epss
scoring_elements	0.8847
published_at	2026-04-02T12:55:00Z

value	0.04053
scoring_system	epss
scoring_elements	0.88487
published_at	2026-04-04T12:55:00Z

value	0.04053
scoring_system	epss
scoring_elements	0.8849
published_at	2026-04-07T12:55:00Z

value	0.04053
scoring_system	epss
scoring_elements	0.88509
published_at	2026-04-08T12:55:00Z

value	0.04053
scoring_system	epss
scoring_elements	0.88515
published_at	2026-04-09T12:55:00Z

value	0.04053
scoring_system	epss
scoring_elements	0.88526
published_at	2026-04-11T12:55:00Z

value	0.04053
scoring_system	epss
scoring_elements	0.88518
published_at	2026-04-13T12:55:00Z

value	0.04053
scoring_system	epss
scoring_elements	0.88532
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2008-3714

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3714
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3714

reference_url	http://secunia.com/advisories/31519
reference_id
reference_type
scores
url	http://secunia.com/advisories/31519

reference_url	http://secunia.com/advisories/31759
reference_id
reference_type
scores
url	http://secunia.com/advisories/31759

reference_url	http://secunia.com/advisories/32939
reference_id
reference_type
scores
url	http://secunia.com/advisories/32939

reference_url	http://secunia.com/advisories/33002
reference_id
reference_type
scores
url	http://secunia.com/advisories/33002

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/44504
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/44504

reference_url	http://sourceforge.net/tracker/index.php?func=detail&aid=2001151&group_id=13764&atid=113764
reference_id
reference_type
scores
url	http://sourceforge.net/tracker/index.php?func=detail&aid=2001151&group_id=13764&atid=113764

reference_url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00107.html
reference_id
reference_type
scores
url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00107.html

reference_url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00355.html
reference_id
reference_type
scores
url	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00355.html

reference_url	http://www.debian.org/security/2008/dsa-1679
reference_id
reference_type
scores
url	http://www.debian.org/security/2008/dsa-1679

reference_url	http://www.mandriva.com/security/advisories?name=MDVSA-2008:203
reference_id
reference_type
scores
url	http://www.mandriva.com/security/advisories?name=MDVSA-2008:203

reference_url	http://www.securityfocus.com/bid/30730
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/30730

reference_url	http://www.securitytracker.com/id?1020704
reference_id
reference_type
scores
url	http://www.securitytracker.com/id?1020704

reference_url	http://www.ubuntu.com/usn/usn-686-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/usn-686-1

reference_url	http://www.vupen.com/english/advisories/2008/2399
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2008/2399

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=459605
reference_id	459605
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=459605

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432
reference_id	495432
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.8:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.8:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2008-3714

reference_id

CVE-2008-3714

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2008-3714

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/32258.txt
reference_id	CVE-2008-3714;OSVDB-47536
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/32258.txt

reference_url	https://www.securityfocus.com/bid/30730/info
reference_id	CVE-2008-3714;OSVDB-47536
reference_type	exploit
scores
url	https://www.securityfocus.com/bid/30730/info

reference_url	https://usn.ubuntu.com/686-1/
reference_id	USN-686-1
reference_type
scores
url	https://usn.ubuntu.com/686-1/

fixed_packages

url pkg:deb/debian/awstats@6.7.dfsg-5.1%2Blenny1

purl pkg:deb/debian/awstats@6.7.dfsg-5.1%2Blenny1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

vulnerability	VCID-9xag-6wej-6bgk

vulnerability	VCID-fxrv-1bju-qkgm

vulnerability	VCID-kfb9-pts3-dffa

vulnerability	VCID-kspy-ctky-ykav

vulnerability	VCID-mds9-fb3d-9qgt

vulnerability	VCID-qabb-bgqe-afdd

vulnerability	VCID-s1bj-dpp3-9ubt

vulnerability	VCID-vqyg-xfyk-h3e5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.7.dfsg-5.1%252Blenny1

aliases CVE-2008-3714

risk_score 7.8

exploitability 2.0

weighted_severity 3.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4mn4-kwvz-zfdr

url VCID-6241-45ms-x3ec

vulnerability_id VCID-6241-45ms-x3ec

summary AWStats 8.0 is vulnerable to Command Injection via the open function

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-63261

reference_id

reference_type

scores

value	0.00063
scoring_system	epss
scoring_elements	0.1973
published_at	2026-04-04T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19683
published_at	2026-04-02T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19454
published_at	2026-04-07T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20518
published_at	2026-04-18T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20628
published_at	2026-04-11T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20587
published_at	2026-04-12T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20534
published_at	2026-04-13T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.2052
published_at	2026-04-16T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20551
published_at	2026-04-08T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20609
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-63261

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-63261
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-63261

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131878
reference_id	1131878
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131878

reference_url

https://github.com/eldy/AWStats/blob/develop/wwwroot/cgi-bin/awstats.pl

reference_id

awstats.pl

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-23T14:09:17Z/

url

https://github.com/eldy/AWStats/blob/develop/wwwroot/cgi-bin/awstats.pl

reference_url

https://pentest-tools.com/PTT-2025-021-Code-Execution-in-AWStats.pdf

reference_id

PTT-2025-021-Code-Execution-in-AWStats.pdf

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-23T14:09:17Z/

url

https://pentest-tools.com/PTT-2025-021-Code-Execution-in-AWStats.pdf

fixed_packages

url pkg:deb/debian/awstats@7.8-3%2Bdeb12u1

purl pkg:deb/debian/awstats@7.8-3%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-3%252Bdeb12u1

url	pkg:deb/debian/awstats@7.8-3%2Bdeb12u2
purl	pkg:deb/debian/awstats@7.8-3%2Bdeb12u2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-3%252Bdeb12u2

url	pkg:deb/debian/awstats@7.9-1%2Bdeb13u1
purl	pkg:deb/debian/awstats@7.9-1%2Bdeb13u1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.9-1%252Bdeb13u1

url	pkg:deb/debian/awstats@8.0-5
purl	pkg:deb/debian/awstats@8.0-5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-5

aliases CVE-2025-63261

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6241-45ms-x3ec

url VCID-9xag-6wej-6bgk

vulnerability_id VCID-9xag-6wej-6bgk

summary Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory.

references

reference_url	http://awstats.sourceforge.net/docs/awstats_changelog.txt
reference_id
reference_type
scores
url	http://awstats.sourceforge.net/docs/awstats_changelog.txt

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2010-4369

reference_id

reference_type

scores

value	0.00179
scoring_system	epss
scoring_elements	0.39458
published_at	2026-04-18T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39309
published_at	2026-04-01T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.3947
published_at	2026-04-02T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39494
published_at	2026-04-04T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39407
published_at	2026-04-07T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39464
published_at	2026-04-08T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39478
published_at	2026-04-09T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.3949
published_at	2026-04-11T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39451
published_at	2026-04-12T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39434
published_at	2026-04-13T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39486
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2010-4369

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4369
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4369

reference_url	http://secunia.com/advisories/43004
reference_id
reference_type
scores
url	http://secunia.com/advisories/43004

reference_url	http://www.mandriva.com/security/advisories?name=MDVSA-2011:033
reference_id
reference_type
scores
url	http://www.mandriva.com/security/advisories?name=MDVSA-2011:033

reference_url	http://www.securityfocus.com/bid/45210
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/45210

reference_url	http://www.ubuntu.com/usn/USN-1047-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-1047-1

reference_url	http://www.vupen.com/english/advisories/2011/0202
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2011/0202

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606263
reference_id	606263
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606263

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats::::::::
reference_id	cpe:2.3:a:awstats:awstats::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:1.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.1.:::::::*
reference_id	cpe:2.3:a:awstats:awstats:2.1.:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.1.:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.3:::::::*
reference_id	cpe:2.3:a:awstats:awstats:2.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.4:::::::*
reference_id	cpe:2.3:a:awstats:awstats:2.2.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.2:::::::*
reference_id	cpe:2.3:a:awstats:awstats:3.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:4.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.2:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.3:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.4:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.5:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.6:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.7:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.8:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.9:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.2:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4_1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.4_1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4_1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4_1:sarge1::::::
reference_id	cpe:2.3:a:awstats:awstats:6.4_1:sarge1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4_1:sarge1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5_1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.5_1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5_1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5_1.857:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.5_1.857:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5_1.857:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.6:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.7:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.8:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.9:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.9:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2010-4369

reference_id

CVE-2010-4369

reference_type

scores

value	6.4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2010-4369

reference_url	https://usn.ubuntu.com/1047-1/
reference_id	USN-1047-1
reference_type
scores
url	https://usn.ubuntu.com/1047-1/

fixed_packages

url pkg:deb/debian/awstats@6.9.5~dfsg-5

purl pkg:deb/debian/awstats@6.9.5~dfsg-5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

vulnerability	VCID-fxrv-1bju-qkgm

vulnerability	VCID-kfb9-pts3-dffa

vulnerability	VCID-qabb-bgqe-afdd

vulnerability	VCID-s1bj-dpp3-9ubt

vulnerability	VCID-vqyg-xfyk-h3e5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.9.5~dfsg-5

aliases CVE-2010-4369

risk_score 2.9

exploitability 0.5

weighted_severity 5.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9xag-6wej-6bgk

url VCID-fxrv-1bju-qkgm

vulnerability_id VCID-fxrv-1bju-qkgm

summary In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35176

reference_id

reference_type

scores

value	0.00937
scoring_system	epss
scoring_elements	0.76237
published_at	2026-04-18T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.76131
published_at	2026-04-01T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.76135
published_at	2026-04-02T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.76167
published_at	2026-04-04T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.76148
published_at	2026-04-07T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.7618
published_at	2026-04-08T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.76194
published_at	2026-04-12T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.76218
published_at	2026-04-11T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.76192
published_at	2026-04-13T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.76233
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35176

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35176
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35176

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977190
reference_id	977190
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977190

reference_url	https://security.archlinux.org/ASA-202103-15
reference_id	ASA-202103-15
reference_type
scores
url	https://security.archlinux.org/ASA-202103-15

reference_url

https://security.archlinux.org/AVG-1356

reference_id

AVG-1356

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1356

reference_url	https://usn.ubuntu.com/4953-1/
reference_id	USN-4953-1
reference_type
scores
url	https://usn.ubuntu.com/4953-1/

fixed_packages

url pkg:deb/debian/awstats@7.8-2%2Bdeb11u1

purl pkg:deb/debian/awstats@7.8-2%2Bdeb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-2%252Bdeb11u1

aliases CVE-2020-35176

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fxrv-1bju-qkgm

url VCID-kfb9-pts3-dffa

vulnerability_id VCID-kfb9-pts3-dffa

summary Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unknown impact and attack vectors.

references

reference_url	http://awstats.sourceforge.net/docs/awstats_changelog.txt
reference_id
reference_type
scores
url	http://awstats.sourceforge.net/docs/awstats_changelog.txt

reference_url	http://openwall.com/lists/oss-security/2012/10/26/1
reference_id
reference_type
scores
url	http://openwall.com/lists/oss-security/2012/10/26/1

reference_url	http://openwall.com/lists/oss-security/2012/10/29/7
reference_id
reference_type
scores
url	http://openwall.com/lists/oss-security/2012/10/29/7

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-4547

reference_id

reference_type

scores

value	0.31657
scoring_system	epss
scoring_elements	0.96804
published_at	2026-04-18T12:55:00Z

value	0.31657
scoring_system	epss
scoring_elements	0.96766
published_at	2026-04-01T12:55:00Z

value	0.31657
scoring_system	epss
scoring_elements	0.96775
published_at	2026-04-02T12:55:00Z

value	0.31657
scoring_system	epss
scoring_elements	0.96777
published_at	2026-04-04T12:55:00Z

value	0.31657
scoring_system	epss
scoring_elements	0.96781
published_at	2026-04-07T12:55:00Z

value	0.31657
scoring_system	epss
scoring_elements	0.96789
published_at	2026-04-08T12:55:00Z

value	0.31657
scoring_system	epss
scoring_elements	0.9679
published_at	2026-04-09T12:55:00Z

value	0.31657
scoring_system	epss
scoring_elements	0.96793
published_at	2026-04-12T12:55:00Z

value	0.31657
scoring_system	epss
scoring_elements	0.96794
published_at	2026-04-13T12:55:00Z

value	0.31657
scoring_system	epss
scoring_elements	0.968
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-4547

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4547
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4547

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/79638
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/79638

reference_url	http://www.securityfocus.com/bid/56280
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/56280

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats::::::::
reference_id	cpe:2.3:a:laurent_destailleur:awstats::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:1.0:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:2.1:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:2.23:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:2.23:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:2.23:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:2.24:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:2.24:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:2.24:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:3.0:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:3.1:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:3.2:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:3.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:3.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:4.0:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:4.1:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:4.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:4.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.0:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.1:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:5.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.2:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:5.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.3:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:5.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.4:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:5.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.5:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:5.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.6:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:5.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.7:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:5.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.8:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:5.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.9:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:5.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.0:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.1:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:6.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.2:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:6.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.3:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:6.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.4:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:6.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.5:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:6.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.6:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:6.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.7:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:6.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.8:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:6.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.9:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:6.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.95:::::::*
reference_id	cpe:2.3:a:laurent_destailleur:awstats:6.95:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.95:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-4547

reference_id

CVE-2012-4547

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2012-4547

fixed_packages

url pkg:deb/debian/awstats@7.2%2Bdfsg-1

purl pkg:deb/debian/awstats@7.2%2Bdfsg-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

vulnerability	VCID-fxrv-1bju-qkgm

vulnerability	VCID-qabb-bgqe-afdd

vulnerability	VCID-s1bj-dpp3-9ubt

vulnerability	VCID-vqyg-xfyk-h3e5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.2%252Bdfsg-1

aliases CVE-2012-4547

risk_score 1.9

exploitability 0.5

weighted_severity 3.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kfb9-pts3-dffa

url VCID-kspy-ctky-ykav

vulnerability_id VCID-kspy-ctky-ykav

summary Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

references

reference_url	http://awstats.sourceforge.net/docs/awstats_changelog.txt
reference_id
reference_type
scores
url	http://awstats.sourceforge.net/docs/awstats_changelog.txt

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2009-5020

reference_id

reference_type

scores

value	0.014
scoring_system	epss
scoring_elements	0.80448
published_at	2026-04-18T12:55:00Z

value	0.014
scoring_system	epss
scoring_elements	0.80367
published_at	2026-04-01T12:55:00Z

value	0.014
scoring_system	epss
scoring_elements	0.80373
published_at	2026-04-02T12:55:00Z

value	0.014
scoring_system	epss
scoring_elements	0.80393
published_at	2026-04-04T12:55:00Z

value	0.014
scoring_system	epss
scoring_elements	0.80382
published_at	2026-04-07T12:55:00Z

value	0.014
scoring_system	epss
scoring_elements	0.80411
published_at	2026-04-08T12:55:00Z

value	0.014
scoring_system	epss
scoring_elements	0.80421
published_at	2026-04-09T12:55:00Z

value	0.014
scoring_system	epss
scoring_elements	0.80439
published_at	2026-04-11T12:55:00Z

value	0.014
scoring_system	epss
scoring_elements	0.80424
published_at	2026-04-12T12:55:00Z

value	0.014
scoring_system	epss
scoring_elements	0.80418
published_at	2026-04-13T12:55:00Z

value	0.014
scoring_system	epss
scoring_elements	0.80447
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2009-5020

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5020
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5020

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats::::::::
reference_id	cpe:2.3:a:awstats:awstats::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:1.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.1.:::::::*
reference_id	cpe:2.3:a:awstats:awstats:2.1.:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.1.:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.3:::::::*
reference_id	cpe:2.3:a:awstats:awstats:2.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.4:::::::*
reference_id	cpe:2.3:a:awstats:awstats:2.2.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.2:::::::*
reference_id	cpe:2.3:a:awstats:awstats:3.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:4.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.2:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.3:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.4:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.5:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.6:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.7:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.8:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.9:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.2:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.6:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.7:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.8:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.8:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2009-5020

reference_id

CVE-2009-5020

reference_type

scores

value	5.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2009-5020

fixed_packages

url pkg:deb/debian/awstats@6.9.5~dfsg-5

purl pkg:deb/debian/awstats@6.9.5~dfsg-5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

vulnerability	VCID-fxrv-1bju-qkgm

vulnerability	VCID-kfb9-pts3-dffa

vulnerability	VCID-qabb-bgqe-afdd

vulnerability	VCID-s1bj-dpp3-9ubt

vulnerability	VCID-vqyg-xfyk-h3e5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.9.5~dfsg-5

aliases CVE-2009-5020

risk_score 2.6

exploitability 0.5

weighted_severity 5.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kspy-ctky-ykav

url VCID-mds9-fb3d-9qgt

vulnerability_id VCID-mds9-fb3d-9qgt

summary awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a (1) WebDAV server or (2) NFS server.

references

reference_url	http://awstats.sourceforge.net/docs/awstats_changelog.txt
reference_id
reference_type
scores
url	http://awstats.sourceforge.net/docs/awstats_changelog.txt

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2010-4367

reference_id

reference_type

scores

value	0.07265
scoring_system	epss
scoring_elements	0.91655
published_at	2026-04-18T12:55:00Z

value	0.07265
scoring_system	epss
scoring_elements	0.91599
published_at	2026-04-01T12:55:00Z

value	0.07265
scoring_system	epss
scoring_elements	0.91606
published_at	2026-04-02T12:55:00Z

value	0.07265
scoring_system	epss
scoring_elements	0.91612
published_at	2026-04-04T12:55:00Z

value	0.07265
scoring_system	epss
scoring_elements	0.91621
published_at	2026-04-07T12:55:00Z

value	0.07265
scoring_system	epss
scoring_elements	0.91633
published_at	2026-04-08T12:55:00Z

value	0.07265
scoring_system	epss
scoring_elements	0.91639
published_at	2026-04-09T12:55:00Z

value	0.07265
scoring_system	epss
scoring_elements	0.91643
published_at	2026-04-11T12:55:00Z

value	0.07265
scoring_system	epss
scoring_elements	0.91645
published_at	2026-04-12T12:55:00Z

value	0.07265
scoring_system	epss
scoring_elements	0.91641
published_at	2026-04-13T12:55:00Z

value	0.07265
scoring_system	epss
scoring_elements	0.91662
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2010-4367

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4367
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4367

reference_url	http://www.exploitdevelopment.com/Vulnerabilities/2010-WEB-001.html
reference_id
reference_type
scores
url	http://www.exploitdevelopment.com/Vulnerabilities/2010-WEB-001.html

reference_url	http://www.mandriva.com/security/advisories?name=MDVSA-2011:033
reference_id
reference_type
scores
url	http://www.mandriva.com/security/advisories?name=MDVSA-2011:033

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606263
reference_id	606263
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606263

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats::::::::
reference_id	cpe:2.3:a:awstats:awstats::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:1.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.1.:::::::*
reference_id	cpe:2.3:a:awstats:awstats:2.1.:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.1.:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.3:::::::*
reference_id	cpe:2.3:a:awstats:awstats:2.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.4:::::::*
reference_id	cpe:2.3:a:awstats:awstats:2.2.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.2:::::::*
reference_id	cpe:2.3:a:awstats:awstats:3.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:4.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.2:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.3:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.4:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.5:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.6:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.7:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.8:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.9:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.2:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4_1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.4_1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4_1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4_1:sarge1::::::
reference_id	cpe:2.3:a:awstats:awstats:6.4_1:sarge1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4_1:sarge1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5_1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.5_1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5_1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5_1.857:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.5_1.857:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5_1.857:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.6:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.7:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.8:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.9:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.9:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2010-4367

reference_id

CVE-2010-4367

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2010-4367

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/35035.txt
reference_id	CVE-2010-4367;OSVDB-69606
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/35035.txt

reference_url	https://www.securityfocus.com/bid/45123/info
reference_id	CVE-2010-4367;OSVDB-69606
reference_type	exploit
scores
url	https://www.securityfocus.com/bid/45123/info

fixed_packages

url pkg:deb/debian/awstats@6.9.5~dfsg-5

purl pkg:deb/debian/awstats@6.9.5~dfsg-5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

vulnerability	VCID-fxrv-1bju-qkgm

vulnerability	VCID-kfb9-pts3-dffa

vulnerability	VCID-qabb-bgqe-afdd

vulnerability	VCID-s1bj-dpp3-9ubt

vulnerability	VCID-vqyg-xfyk-h3e5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.9.5~dfsg-5

aliases CVE-2010-4367

risk_score 10.0

exploitability 2.0

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mds9-fb3d-9qgt

url VCID-pbfq-fen2-dkhs

vulnerability_id VCID-pbfq-fen2-dkhs

summary awstats: incomplete fix for CVE-2008-3714 XSS issue

references

reference_url	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432#21
reference_id
reference_type
scores
url	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432#21

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5080.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5080.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2008-5080

reference_id

reference_type

scores

value	0.00396
scoring_system	epss
scoring_elements	0.60495
published_at	2026-04-18T12:55:00Z

value	0.00396
scoring_system	epss
scoring_elements	0.60323
published_at	2026-04-01T12:55:00Z

value	0.00396
scoring_system	epss
scoring_elements	0.60398
published_at	2026-04-02T12:55:00Z

value	0.00396
scoring_system	epss
scoring_elements	0.60426
published_at	2026-04-04T12:55:00Z

value	0.00396
scoring_system	epss
scoring_elements	0.60393
published_at	2026-04-07T12:55:00Z

value	0.00396
scoring_system	epss
scoring_elements	0.60442
published_at	2026-04-08T12:55:00Z

value	0.00396
scoring_system	epss
scoring_elements	0.60459
published_at	2026-04-09T12:55:00Z

value	0.00396
scoring_system	epss
scoring_elements	0.60479
published_at	2026-04-11T12:55:00Z

value	0.00396
scoring_system	epss
scoring_elements	0.60465
published_at	2026-04-12T12:55:00Z

value	0.00396
scoring_system	epss
scoring_elements	0.60445
published_at	2026-04-13T12:55:00Z

value	0.00396
scoring_system	epss
scoring_elements	0.60486
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2008-5080

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5080
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5080

reference_url	http://secunia.com/advisories/33002
reference_id
reference_type
scores
url	http://secunia.com/advisories/33002

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/47116
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/47116

reference_url	http://www.ubuntu.com/usn/usn-686-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/usn-686-1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=474396
reference_id	474396
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=474396

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432
reference_id	495432
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats::::::::
reference_id	cpe:2.3:a:awstats:awstats::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.2:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.3:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.4:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.5:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.6:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.7:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.8:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.9:::::::*
reference_id	cpe:2.3:a:awstats:awstats:5.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.0:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.1:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.2:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.6:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.7:::::::*
reference_id	cpe:2.3:a:awstats:awstats:6.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.7:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2008-5080

reference_id

CVE-2008-5080

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2008-5080

reference_url	https://usn.ubuntu.com/686-1/
reference_id	USN-686-1
reference_type
scores
url	https://usn.ubuntu.com/686-1/

fixed_packages

url pkg:deb/debian/awstats@6.7.dfsg-5.1%2Blenny1

purl pkg:deb/debian/awstats@6.7.dfsg-5.1%2Blenny1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

vulnerability	VCID-9xag-6wej-6bgk

vulnerability	VCID-fxrv-1bju-qkgm

vulnerability	VCID-kfb9-pts3-dffa

vulnerability	VCID-kspy-ctky-ykav

vulnerability	VCID-mds9-fb3d-9qgt

vulnerability	VCID-qabb-bgqe-afdd

vulnerability	VCID-s1bj-dpp3-9ubt

vulnerability	VCID-vqyg-xfyk-h3e5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.7.dfsg-5.1%252Blenny1

aliases CVE-2008-5080

risk_score 1.9

exploitability 0.5

weighted_severity 3.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pbfq-fen2-dkhs

url VCID-qabb-bgqe-afdd

vulnerability_id VCID-qabb-bgqe-afdd

summary

Multiple vulnerabilities have been found in AWStats, the worst of
    which could result in the arbitrary execution of code.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000501

reference_id

reference_type

scores

value	0.06548
scoring_system	epss
scoring_elements	0.91159
published_at	2026-04-18T12:55:00Z

value	0.06548
scoring_system	epss
scoring_elements	0.9116
published_at	2026-04-16T12:55:00Z

value	0.06548
scoring_system	epss
scoring_elements	0.91086
published_at	2026-04-01T12:55:00Z

value	0.06548
scoring_system	epss
scoring_elements	0.91092
published_at	2026-04-02T12:55:00Z

value	0.06548
scoring_system	epss
scoring_elements	0.911
published_at	2026-04-04T12:55:00Z

value	0.06548
scoring_system	epss
scoring_elements	0.91109
published_at	2026-04-07T12:55:00Z

value	0.06548
scoring_system	epss
scoring_elements	0.91121
published_at	2026-04-08T12:55:00Z

value	0.06548
scoring_system	epss
scoring_elements	0.91127
published_at	2026-04-09T12:55:00Z

value	0.06548
scoring_system	epss
scoring_elements	0.91135
published_at	2026-04-13T12:55:00Z

value	0.06548
scoring_system	epss
scoring_elements	0.91136
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000501

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000501
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000501

reference_url	https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651
reference_id
reference_type
scores
url	https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651

reference_url	https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899
reference_id
reference_type
scores
url	https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899

reference_url	https://lists.debian.org/debian-lts-announce/2018/01/msg00012.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/01/msg00012.html

reference_url	https://www.debian.org/security/2018/dsa-4092
reference_id
reference_type
scores
url	https://www.debian.org/security/2018/dsa-4092

reference_url	http://www.awstats.org/
reference_id
reference_type
scores
url	http://www.awstats.org/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885835
reference_id	885835
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885835

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats::::::::
reference_id	cpe:2.3:a:awstats:awstats::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-1000501

reference_id

CVE-2017-1000501

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-1000501

reference_url	https://security.gentoo.org/glsa/202007-37
reference_id	GLSA-202007-37
reference_type
scores
url	https://security.gentoo.org/glsa/202007-37

reference_url	https://usn.ubuntu.com/3518-1/
reference_id	USN-3518-1
reference_type
scores
url	https://usn.ubuntu.com/3518-1/

reference_url	https://usn.ubuntu.com/4953-1/
reference_id	USN-4953-1
reference_type
scores
url	https://usn.ubuntu.com/4953-1/

fixed_packages

url pkg:deb/debian/awstats@7.2%2Bdfsg-1%2Bdeb8u1

purl pkg:deb/debian/awstats@7.2%2Bdfsg-1%2Bdeb8u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

vulnerability	VCID-fxrv-1bju-qkgm

vulnerability	VCID-qabb-bgqe-afdd

vulnerability	VCID-s1bj-dpp3-9ubt

vulnerability	VCID-vqyg-xfyk-h3e5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.2%252Bdfsg-1%252Bdeb8u1

url pkg:deb/debian/awstats@7.6%2Bdfsg-1%2Bdeb9u1

purl pkg:deb/debian/awstats@7.6%2Bdfsg-1%2Bdeb9u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

vulnerability	VCID-fxrv-1bju-qkgm

vulnerability	VCID-qabb-bgqe-afdd

vulnerability	VCID-s1bj-dpp3-9ubt

vulnerability	VCID-vqyg-xfyk-h3e5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.6%252Bdfsg-1%252Bdeb9u1

url pkg:deb/debian/awstats@7.6%2Bdfsg-2%2Bdeb10u1

purl pkg:deb/debian/awstats@7.6%2Bdfsg-2%2Bdeb10u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

vulnerability	VCID-fxrv-1bju-qkgm

vulnerability	VCID-s1bj-dpp3-9ubt

vulnerability	VCID-vqyg-xfyk-h3e5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.6%252Bdfsg-2%252Bdeb10u1

aliases CVE-2017-1000501

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qabb-bgqe-afdd

url VCID-s1bj-dpp3-9ubt

vulnerability_id VCID-s1bj-dpp3-9ubt

summary AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-46391

reference_id

reference_type

scores

value	0.00952
scoring_system	epss
scoring_elements	0.7643
published_at	2026-04-18T12:55:00Z

value	0.00952
scoring_system	epss
scoring_elements	0.76339
published_at	2026-04-07T12:55:00Z

value	0.00952
scoring_system	epss
scoring_elements	0.76371
published_at	2026-04-08T12:55:00Z

value	0.00952
scoring_system	epss
scoring_elements	0.76385
published_at	2026-04-09T12:55:00Z

value	0.00952
scoring_system	epss
scoring_elements	0.76411
published_at	2026-04-11T12:55:00Z

value	0.00952
scoring_system	epss
scoring_elements	0.76389
published_at	2026-04-12T12:55:00Z

value	0.00952
scoring_system	epss
scoring_elements	0.76384
published_at	2026-04-13T12:55:00Z

value	0.00952
scoring_system	epss
scoring_elements	0.76424
published_at	2026-04-16T12:55:00Z

value	0.00952
scoring_system	epss
scoring_elements	0.76328
published_at	2026-04-02T12:55:00Z

value	0.00952
scoring_system	epss
scoring_elements	0.76359
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-46391

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46391
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46391

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025410
reference_id	1025410
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025410

reference_url

https://github.com/eldy/AWStats/pull/226

reference_id

226

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T15:20:05Z/

url

https://github.com/eldy/AWStats/pull/226

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GRFYH4DE3COMI3LJCOQQXA4FWOABU6Z2/

reference_id

GRFYH4DE3COMI3LJCOQQXA4FWOABU6Z2

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T15:20:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GRFYH4DE3COMI3LJCOQQXA4FWOABU6Z2/

reference_url

https://lists.debian.org/debian-lts-announce/2022/12/msg00010.html

reference_id

msg00010.html

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T15:20:05Z/

url

https://lists.debian.org/debian-lts-announce/2022/12/msg00010.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYUZIFVB4N3NK4WGNHRNXZKJITCJBJX4/

reference_id

MYUZIFVB4N3NK4WGNHRNXZKJITCJBJX4

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T15:20:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYUZIFVB4N3NK4WGNHRNXZKJITCJBJX4/

reference_url	https://usn.ubuntu.com/5899-1/
reference_id	USN-5899-1
reference_type
scores
url	https://usn.ubuntu.com/5899-1/

fixed_packages

url pkg:deb/debian/awstats@7.8-2%2Bdeb11u1

purl pkg:deb/debian/awstats@7.8-2%2Bdeb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-2%252Bdeb11u1

aliases CVE-2022-46391

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s1bj-dpp3-9ubt

url VCID-vqyg-xfyk-h3e5

vulnerability_id VCID-vqyg-xfyk-h3e5

summary In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-29600

reference_id

reference_type

scores

value	0.02292
scoring_system	epss
scoring_elements	0.8464
published_at	2026-04-01T12:55:00Z

value	0.02292
scoring_system	epss
scoring_elements	0.84654
published_at	2026-04-02T12:55:00Z

value	0.02292
scoring_system	epss
scoring_elements	0.84675
published_at	2026-04-04T12:55:00Z

value	0.02292
scoring_system	epss
scoring_elements	0.84677
published_at	2026-04-07T12:55:00Z

value	0.02292
scoring_system	epss
scoring_elements	0.84699
published_at	2026-04-08T12:55:00Z

value	0.02292
scoring_system	epss
scoring_elements	0.84706
published_at	2026-04-09T12:55:00Z

value	0.02292
scoring_system	epss
scoring_elements	0.84724
published_at	2026-04-11T12:55:00Z

value	0.02292
scoring_system	epss
scoring_elements	0.84719
published_at	2026-04-12T12:55:00Z

value	0.02292
scoring_system	epss
scoring_elements	0.84713
published_at	2026-04-13T12:55:00Z

value	0.02292
scoring_system	epss
scoring_elements	0.84735
published_at	2026-04-16T12:55:00Z

value	0.02292
scoring_system	epss
scoring_elements	0.84736
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-29600

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29600
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29600

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891469
reference_id	891469
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891469

reference_url	https://usn.ubuntu.com/4953-1/
reference_id	USN-4953-1
reference_type
scores
url	https://usn.ubuntu.com/4953-1/

fixed_packages

url pkg:deb/debian/awstats@7.8-2%2Bdeb11u1

purl pkg:deb/debian/awstats@7.8-2%2Bdeb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6241-45ms-x3ec

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-2%252Bdeb11u1

aliases CVE-2020-29600

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vqyg-xfyk-h3e5

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.5%252Bdfsg-1%252Betch1

Package Instance