CVE-2008-3714 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	4.3 UNKNOWN	NETWORK	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N
mitre	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 87%

Vendor	Product	Version
awstats	awstats	6.8

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

awstats

bullseye	7.8-2+deb11u1 fixed
bookworm	7.8-3+deb12u1 fixed
sid	7.9-1 fixed
trixie	7.9-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

awstats

intrepid	Fixed 6.7.dfsg-5ubuntu0.1 released
hardy	Fixed 6.7.dfsg-1ubuntu0.1 released
gutsy	Fixed 6.6+dfsg-1ubuntu0.1 released
feisty	ignored
dapper	Fixed 6.5-1ubuntu1.3 released

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

http://awstats.sourceforge.net/docs/awstats_changelog.txt

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432

http://secunia.com/advisories/31519

http://secunia.com/advisories/31759

http://secunia.com/advisories/32939

http://secunia.com/advisories/33002

http://sourceforge.net/tracker/index.php?func=detail&aid=2001151&group_id=13764&atid=113764

http://www.debian.org/security/2008/dsa-1679

http://www.mandriva.com/security/advisories?name=MDVSA-2008:203

http://www.securityfocus.com/bid/30730

http://www.securitytracker.com/id?1020704

http://www.ubuntu.com/usn/usn-686-1

http://www.vupen.com/english/advisories/2008/2399

https://exchange.xforce.ibmcloud.com/vulnerabilities/44504

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00107.html

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00355.html

http://awstats.sourceforge.net/docs/awstats_changelog.txt

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432

http://secunia.com/advisories/31519

http://secunia.com/advisories/31759

http://secunia.com/advisories/32939

http://secunia.com/advisories/33002

http://sourceforge.net/tracker/index.php?func=detail&aid=2001151&group_id=13764&atid=113764

http://www.debian.org/security/2008/dsa-1679

http://www.mandriva.com/security/advisories?name=MDVSA-2008:203

http://www.securityfocus.com/bid/30730

http://www.securitytracker.com/id?1020704

http://www.ubuntu.com/usn/usn-686-1

http://www.vupen.com/english/advisories/2008/2399

https://exchange.xforce.ibmcloud.com/vulnerabilities/44504

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00107.html

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00355.html