Bug 459605 (CVE-2008-3714) - CVE-2008-3714 awstats: Cross-site scripting (XSS) vulnerability
Summary: CVE-2008-3714 awstats: Cross-site scripting (XSS) vulnerability
Alias: CVE-2008-3714
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 459741 459742 459743 459865
TreeView+ depends on / blocked
Reported: 2008-08-20 13:53 UTC by Jan Lieskovsky
Modified: 2019-09-29 12:26 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2008-10-01 18:02:59 UTC

Attachments (Terms of Use)

Description Jan Lieskovsky 2008-08-20 13:53:37 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-3714 
to the following vulnerability:

Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows
remote attackers to inject arbitrary web script or HTML via the query_string,
a different vulnerability than CVE-2006-3681 and CVE-2006-1945.



Upstream patch:


Upstream bug report:


Comment 1 Jan Lieskovsky 2008-08-20 13:57:05 UTC
CVE-2008-3714: This issue affects the versions of the awstats package
as shipped with Fedora 8, Fedora 9 and version of the awstats package,
as shipped within the Extra Packages for Enterprise Linux (EPEL) project.

Comment 3 Aurelien Bompard 2008-08-21 20:56:11 UTC
I am having issues accessing the Fedora CVS server to update the package. I know the Infrastructure team is fixing a pretty big problem, is there any way we could update this package ?

Comment 4 Tomas Hoger 2008-08-22 06:29:44 UTC
Aurelien, there's not alternate way at the moment, afaik.  So we'll have to wait until infrastructure is restored again, which will hopefully happen soon now.

Comment 5 Tim Jackson 2008-08-23 08:41:40 UTC
For some reason an EPEL5 bug didn't get opened so I created bug #459865. Can't
work out how to make it Fedora contributor-only though.

Comment 6 Fedora Update System 2008-09-10 06:37:55 UTC
awstats-6.8-2.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2008-09-10 07:05:33 UTC
awstats-6.8-2.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 8 Red Hat Product Security 2008-10-01 18:02:59 UTC
This issue was addressed in:


Note You need to log in before you can comment on or make changes to this bug.