CVE-2006-3682

Description

awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote attackers to obtain the installation path via the (1) year, (2) pluginmode or (3) month parameters.

How to fix CVE-2006-3682

To remediate CVE-2006-3682, upgrade the affected package to a fixed version below.

• Debian/awstats—upgrade to 6.5-2 or later

Is CVE-2006-3682 being exploited?

Moderate — EPSS is 7.9%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 6.5-2

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2006-3682