Package details: pkg:deb/debian/awstats@6.5%2Bdfsg-1
purl pkg:deb/debian/awstats@6.5%2Bdfsg-1
Next non-vulnerable version 7.8-3+deb12u2
Latest non-vulnerable version 8.0-5
Risk 10.0
Vulnerabilities affecting this package (11)
Vulnerability Summary Fixed by
VCID-4mn4-kwvz-zfdr
Aliases:
CVE-2008-3714
awstats: Cross-site scripting (XSS) vulnerability
6.7.dfsg-5.1+lenny1
Affected by 9 other vulnerabilities.
VCID-6241-45ms-x3ec
Aliases:
CVE-2025-63261
AWStats 8.0 is vulnerable to Command Injection via the open function
7.8-3+deb12u1
Affected by 1 other vulnerability.
7.8-3+deb12u2
Affected by 0 other vulnerabilities.
7.9-1+deb13u1
Affected by 0 other vulnerabilities.
8.0-5
Affected by 0 other vulnerabilities.
VCID-9xag-6wej-6bgk
Aliases:
CVE-2010-4369
Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory.
6.9.5~dfsg-5
Affected by 6 other vulnerabilities.
VCID-fxrv-1bju-qkgm
Aliases:
CVE-2020-35176
In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.
7.8-2+deb11u1
Affected by 1 other vulnerability.
VCID-kfb9-pts3-dffa
Aliases:
CVE-2012-4547
Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unknown impact and attack vectors.
7.2+dfsg-1
Affected by 5 other vulnerabilities.
VCID-kspy-ctky-ykav
Aliases:
CVE-2009-5020
Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
6.9.5~dfsg-5
Affected by 6 other vulnerabilities.
VCID-mds9-fb3d-9qgt
Aliases:
CVE-2010-4367
awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a (1) WebDAV server or (2) NFS server.
6.9.5~dfsg-5
Affected by 6 other vulnerabilities.
VCID-pbfq-fen2-dkhs
Aliases:
CVE-2008-5080
awstats: incomplete fix for CVE-2008-3714 XSS issue
6.7.dfsg-5.1+lenny1
Affected by 9 other vulnerabilities.
VCID-qabb-bgqe-afdd
Aliases:
CVE-2017-1000501
Multiple vulnerabilities have been found in AWStats, the worst of which could result in the arbitrary execution of code.
7.2+dfsg-1+deb8u1
Affected by 5 other vulnerabilities.
7.6+dfsg-1+deb9u1
Affected by 5 other vulnerabilities.
7.6+dfsg-2+deb10u1
Affected by 4 other vulnerabilities.
VCID-s1bj-dpp3-9ubt
Aliases:
CVE-2022-46391
AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks.
7.8-2+deb11u1
Affected by 1 other vulnerability.
VCID-vqyg-xfyk-h3e5
Aliases:
CVE-2020-29600
In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501.
7.8-2+deb11u1
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (6)
Vulnerability | Summary | Aliases
VCID-48cr-bq8t-fqd3 | Multiple cross-site scripting (XSS) vulnerabilities in awstats.pl in AWStats 6.5 build 1.857 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) refererpagesfilter, (2) refererpagesfilterex, (3) urlfilterex, (4) urlfilter, (5) hostfilter, or (6) hostfilterex parameters, a different set of vectors than CVE-2006-1945. | CVE-2006-3681
VCID-7896-2ufa-kqd1 | awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote attackers to obtain the installation path via the (1) year, (2) pluginmode or (3) month parameters. | CVE-2006-3682
VCID-gtjm-xaua-5bhm | AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive. | CVE-2006-2644
VCID-sy25-mjxc-47bn | AWStats contains a bug in the sanitization of the input parameters which can lead to the remote execution of arbitrary code. | CVE-2006-1945
VCID-wezb-5vk9-1qdf | Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call. | CVE-2005-1527
VCID-xwvz-ewcf-x7fm | AWStats contains a bug in the sanitization of the input parameters which can lead to the remote execution of arbitrary code. | CVE-2006-2237

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T01:01:31.889380+00:00 Debian Oval Importer Affected by VCID-pbfq-fen2-dkhs https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-16T00:42:49.437761+00:00 Debian Oval Importer Affected by VCID-vqyg-xfyk-h3e5 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-16T00:25:01.768090+00:00 Debian Oval Importer Affected by VCID-qabb-bgqe-afdd https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T23:31:59.952831+00:00 Debian Oval Importer Affected by VCID-kfb9-pts3-dffa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T22:52:54.633486+00:00 Debian Oval Importer Fixing VCID-sy25-mjxc-47bn https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T22:07:10.407048+00:00 Debian Oval Importer Affected by VCID-s1bj-dpp3-9ubt https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T21:45:08.335045+00:00 Debian Oval Importer Affected by VCID-4mn4-kwvz-zfdr https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T21:01:02.114185+00:00 Debian Oval Importer Fixing VCID-xwvz-ewcf-x7fm https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T20:29:56.382650+00:00 Debian Oval Importer Affected by VCID-6241-45ms-x3ec https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T20:18:21.485505+00:00 Debian Oval Importer Affected by VCID-mds9-fb3d-9qgt https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T19:40:29.227685+00:00 Debian Oval Importer Fixing VCID-wezb-5vk9-1qdf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T19:11:50.366841+00:00 Debian Oval Importer Fixing VCID-gtjm-xaua-5bhm https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T17:38:05.385635+00:00 Debian Oval Importer Affected by VCID-9xag-6wej-6bgk https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T17:23:55.218125+00:00 Debian Oval Importer Fixing VCID-48cr-bq8t-fqd3 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T16:44:43.771586+00:00 Debian Oval Importer Affected by VCID-fxrv-1bju-qkgm https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T16:05:06.450310+00:00 Debian Oval Importer Fixing VCID-7896-2ufa-kqd1 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T15:49:30.119123+00:00 Debian Oval Importer Affected by VCID-kspy-ctky-ykav https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T14:30:29.860325+00:00 Debian Oval Importer Affected by VCID-qabb-bgqe-afdd https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 38.4.0
2026-04-15T13:30:36.587924+00:00 Debian Oval Importer Affected by VCID-qabb-bgqe-afdd https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.4.0
2026-04-12T00:33:41.775920+00:00 Debian Oval Importer Affected by VCID-pbfq-fen2-dkhs https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-12T00:15:33.764417+00:00 Debian Oval Importer Affected by VCID-vqyg-xfyk-h3e5 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T23:58:30.368627+00:00 Debian Oval Importer Affected by VCID-qabb-bgqe-afdd https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T23:07:13.287592+00:00 Debian Oval Importer Affected by VCID-kfb9-pts3-dffa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T22:29:25.731155+00:00 Debian Oval Importer Fixing VCID-sy25-mjxc-47bn https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T21:45:07.957166+00:00 Debian Oval Importer Affected by VCID-s1bj-dpp3-9ubt https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T21:23:48.667604+00:00 Debian Oval Importer Affected by VCID-4mn4-kwvz-zfdr https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T20:41:18.669311+00:00 Debian Oval Importer Fixing VCID-xwvz-ewcf-x7fm https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T20:11:19.839493+00:00 Debian Oval Importer Affected by VCID-6241-45ms-x3ec https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T20:00:05.757947+00:00 Debian Oval Importer Affected by VCID-mds9-fb3d-9qgt https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T19:23:04.145168+00:00 Debian Oval Importer Fixing VCID-wezb-5vk9-1qdf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T18:55:27.427900+00:00 Debian Oval Importer Fixing VCID-gtjm-xaua-5bhm https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T17:24:18.010746+00:00 Debian Oval Importer Affected by VCID-9xag-6wej-6bgk https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T17:10:19.740958+00:00 Debian Oval Importer Fixing VCID-48cr-bq8t-fqd3 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T16:31:33.027963+00:00 Debian Oval Importer Affected by VCID-fxrv-1bju-qkgm https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T15:52:39.012307+00:00 Debian Oval Importer Fixing VCID-7896-2ufa-kqd1 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T15:37:10.365717+00:00 Debian Oval Importer Affected by VCID-kspy-ctky-ykav https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T14:18:47.894042+00:00 Debian Oval Importer Affected by VCID-qabb-bgqe-afdd https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 38.3.0
2026-04-11T13:19:17.272631+00:00 Debian Oval Importer Affected by VCID-qabb-bgqe-afdd https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.3.0
2026-04-09T00:03:55.023396+00:00 Debian Oval Importer Affected by VCID-pbfq-fen2-dkhs https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T23:46:32.607637+00:00 Debian Oval Importer Affected by VCID-vqyg-xfyk-h3e5 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T23:30:08.205069+00:00 Debian Oval Importer Affected by VCID-qabb-bgqe-afdd https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T22:40:52.909009+00:00 Debian Oval Importer Affected by VCID-kfb9-pts3-dffa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T22:05:07.732078+00:00 Debian Oval Importer Fixing VCID-sy25-mjxc-47bn https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T21:22:56.551672+00:00 Debian Oval Importer Affected by VCID-s1bj-dpp3-9ubt https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T21:02:24.468571+00:00 Debian Oval Importer Affected by VCID-4mn4-kwvz-zfdr https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T20:21:16.180154+00:00 Debian Oval Importer Fixing VCID-xwvz-ewcf-x7fm https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T19:52:34.470344+00:00 Debian Oval Importer Affected by VCID-6241-45ms-x3ec https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T19:41:53.821518+00:00 Debian Oval Importer Affected by VCID-mds9-fb3d-9qgt https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T19:06:44.188363+00:00 Debian Oval Importer Fixing VCID-wezb-5vk9-1qdf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T18:40:07.381767+00:00 Debian Oval Importer Fixing VCID-gtjm-xaua-5bhm https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T17:12:30.741392+00:00 Debian Oval Importer Affected by VCID-9xag-6wej-6bgk https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T16:59:22.946823+00:00 Debian Oval Importer Fixing VCID-48cr-bq8t-fqd3 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T16:22:41.233178+00:00 Debian Oval Importer Affected by VCID-fxrv-1bju-qkgm https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T15:45:58.991752+00:00 Debian Oval Importer Fixing VCID-7896-2ufa-kqd1 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T15:31:09.836985+00:00 Debian Oval Importer Affected by VCID-kspy-ctky-ykav https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-07T22:52:30.442249+00:00 Debian Oval Importer Affected by VCID-qabb-bgqe-afdd https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 38.1.0
2026-04-07T21:55:13.883694+00:00 Debian Oval Importer Affected by VCID-qabb-bgqe-afdd https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.1.0