Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-x787-wfdh-gbd4
Vulnerability ID VCID-x787-wfdh-gbd4
Aliases CVE-2005-0435
Summary awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to rawlog.
Status Published
Exploitability 2.0
Weighted Severity 4.5
Risk 9.0
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.04264 https://api.first.org/data/v1/epss?cve=CVE-2005-0435
epss 0.04264 https://api.first.org/data/v1/epss?cve=CVE-2005-0435
epss 0.04264 https://api.first.org/data/v1/epss?cve=CVE-2005-0435
epss 0.04264 https://api.first.org/data/v1/epss?cve=CVE-2005-0435
epss 0.04264 https://api.first.org/data/v1/epss?cve=CVE-2005-0435
epss 0.04264 https://api.first.org/data/v1/epss?cve=CVE-2005-0435
epss 0.04264 https://api.first.org/data/v1/epss?cve=CVE-2005-0435
epss 0.04264 https://api.first.org/data/v1/epss?cve=CVE-2005-0435
epss 0.04264 https://api.first.org/data/v1/epss?cve=CVE-2005-0435
epss 0.04264 https://api.first.org/data/v1/epss?cve=CVE-2005-0435
epss 0.04264 https://api.first.org/data/v1/epss?cve=CVE-2005-0435
epss 0.04264 https://api.first.org/data/v1/epss?cve=CVE-2005-0435
epss 0.04264 https://api.first.org/data/v1/epss?cve=CVE-2005-0435
epss 0.04264 https://api.first.org/data/v1/epss?cve=CVE-2005-0435
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2005-0435
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2005-0435
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0435
http://secunia.com/advisories/14299
https://exchange.xforce.ibmcloud.com/vulnerabilities/19333
http://www.securityfocus.com/archive/1/390368
cpe:2.3:a:awstats:awstats:6.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:*:*:*:*:*:*:*
cpe:2.3:a:awstats:awstats:6.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:*:*:*:*:*:*:*
CVE-2005-0435 https://nvd.nist.gov/vuln/detail/CVE-2005-0435
OSVDB-13832;CVE-2005-0436;OSVDB-13831;CVE-2005-0435 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/dos/817.pl
Data source Exploit-DB
Date added Feb. 13, 2005
Description AWStats 6.4 - Denial of Service
Ransomware campaign use Known
Source publication date Feb. 14, 2005
Exploit type dos
Platform cgi
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2005-0435
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.88769
EPSS Score 0.04264
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T16:30:02.400773+00:00 Debian Oval Importer Import https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.0.0