CVE-2020-35176 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Directory traversal
Description	In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. This issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1356	awstats	7.8-2	7.8-3	High	Fixed	FS#69301

Date	Advisory	Group	Package	Severity	Type
25 Mar 2021	ASA-202103-15	AVG-1356	awstats	High	directory traversal

References
https://github.com/eldy/awstats/issues/195 https://github.com/eldy/awstats/pull/196 https://github.com/eldy/AWStats/commit/0d4d4c05f8e73be8f71dd361dc55cbd52858b823