ID de Prueba:	1.3.6.1.4.1.25623.1.0.69058
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2011:033 (awstats)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to awstats announced via advisory MDVSA-2011:033. Multiple vulnerabilities has been found and corrected in awstats: awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a (1) WebDAV server or (2) NFS server (CVE-2010-4367). Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory (CVE-2010-4369). The updated packages have been upgraded to the latest version to address these vulnerabilities. Affected: Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2011:033 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4367 http://www.mandriva.com/security/advisories?name=MDVSA-2011:033 http://www.exploitdevelopment.com/Vulnerabilities/2010-WEB-001.html Common Vulnerability Exposure (CVE) ID: CVE-2010-4369 BugTraq ID: 45210 http://www.securityfocus.com/bid/45210 http://secunia.com/advisories/43004 http://www.ubuntu.com/usn/USN-1047-1 http://www.vupen.com/english/advisories/2011/0202
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.