Red Hat Bugzilla – Bug 459605
CVE-2008-3714 awstats: Cross-site scripting (XSS) vulnerability
Last modified: 2016-03-04 07:34:57 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-3714
to the following vulnerability:
Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows
remote attackers to inject arbitrary web script or HTML via the query_string,
a different vulnerability than CVE-2006-3681 and CVE-2006-1945.
Upstream bug report:
CVE-2008-3714: This issue affects the versions of the awstats package
as shipped with Fedora 8 and Fedora 9, and the version of the awstats package
as shipped within the Extra Packages for Enterprise Linux (EPEL) project.
I am having issues accessing the Fedora CVS server to update the package. I know the Infrastructure team is fixing a pretty big problem, is there any way we could update this package?
Aurelien, there's no alternate way at the moment, afaik. So we'll have to wait until infrastructure is restored again, which will hopefully happen soon now.
For some reason an EPEL5 bug didn't get opened so I created bug #459865. Can't
work out how to make it Fedora contributor-only though.
awstats-6.8-2.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
awstats-6.8-2.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in: