CVE-2005-1527 — MEDIUM (5.0)

Q: How severe is CVE-2005-1527?

CVE-2005-1527 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2005-1527?

Check the references section above for vendor advisories and patch information. Affected products include: Awstats Awstats, Canonical Ubuntu Linux, Debian Debian Linux.

Vulnerability Description

Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Awstats	Awstats	<= 6.4
Canonical	Ubuntu Linux	5.04
Debian	Debian Linux	3.0

Related Weaknesses (CWE)

CWE-94

References

http://secunia.com/advisories/16412Broken LinkPatchVendor Advisory
http://secunia.com/advisories/17463Broken Link
http://securitytracker.com/id?1014636Broken LinkPatchThird Party Advisory
http://www.debian.org/security/2005/dsa-892Mailing ListThird Party Advisory
http://www.idefense.com/application/poi/display?id=290&type=vulnerabilities&flasBroken Link
http://www.novell.com/linux/security/advisories/2005_19_sr.htmlBroken Link
http://www.osvdb.org/18696Broken LinkPatch
http://www.securiteam.com/unixfocus/5DP0J00GKE.htmlBroken LinkVendor Advisory
http://www.securityfocus.com/bid/14525Broken LinkThird Party AdvisoryVDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/21769Third Party AdvisoryVDB Entry
https://usn.ubuntu.com/167-1/Broken Link
http://secunia.com/advisories/16412Broken LinkPatchVendor Advisory
http://secunia.com/advisories/17463Broken Link
http://securitytracker.com/id?1014636Broken LinkPatchThird Party Advisory
http://www.debian.org/security/2005/dsa-892Mailing ListThird Party Advisory

FAQ

What is CVE-2005-1527?

CVE-2005-1527 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $ur...

How severe is CVE-2005-1527?

CVE-2005-1527 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2005-1527?

Check the references section above for vendor advisories and patch information. Affected products include: Awstats Awstats, Canonical Ubuntu Linux, Debian Debian Linux.