Re: CVE request: awstats before 7.1 awredir.pl vulnerability
From: Vincent Danen <vdanen () redhat com>
Date: Mon, 29 Oct 2012 12:54:58 -0600
* [2012-10-25 23:45:13 -0600] Kurt Seifried wrote:
> On 10/25/2012 03:07 AM, Hanno Böck wrote:
>> Security fix into awredir.pl
>> I didn't find any more info, but please assign a CVE. (and I found
>> there were awredir issues before that got CVE-2009-5020, but I
>> think this is a different issue, at least if their changelogs are
> Please use CVE-2012-4547 for this issue.
I suspect it is this:
But it's been over a year since this commit (but the last one is 8mos
old and seems to have no security relevance).
So looks to be XSS sanitization.
Vincent Danen / Red Hat Security Response Team