USN-5899-1

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-5899-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5899-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-5899-1

Related

Published

2023-02-28T08:23:55.689632Z

Modified

2023-02-28T08:23:55.689632Z

Summary

awstats vulnerability

Details

It was discovered that AWStats did not properly sanitize the content of whois responses in the hostinfo plugin. An attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks.

References

Affected packages

Ubuntu:Pro:16.04:LTS / awstats

Package

Name: awstats
Purl: pkg:deb/ubuntu/awstats@7.4+dfsg-1ubuntu0.4+esm2?arch=source&distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.4+dfsg-1ubuntu0.4+esm2

Affected versions

7.*

7.4+dfsg-1

7.4+dfsg-1ubuntu0.1

7.4+dfsg-1ubuntu0.2

7.4+dfsg-1ubuntu0.3

7.4+dfsg-1ubuntu0.4+esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "awstats",
            "binary_version": "7.4+dfsg-1ubuntu0.4+esm2"
        }
    ]
}

Ubuntu:18.04:LTS / awstats

Package

Name: awstats
Purl: pkg:deb/ubuntu/awstats@7.6+dfsg-2ubuntu0.18.04.2?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.6+dfsg-2ubuntu0.18.04.2

Affected versions

7.*

7.6+dfsg-1

7.6+dfsg-1ubuntu2

7.6+dfsg-2

7.6+dfsg-2ubuntu0.18.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "awstats",
            "binary_version": "7.6+dfsg-2ubuntu0.18.04.2"
        }
    ]
}

Ubuntu:20.04:LTS / awstats

Package

Name: awstats
Purl: pkg:deb/ubuntu/awstats@7.6+dfsg-2ubuntu0.20.04.2?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.6+dfsg-2ubuntu0.20.04.2

Affected versions

7.*

7.6+dfsg-2

7.6+dfsg-2ubuntu0.20.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "awstats",
            "binary_version": "7.6+dfsg-2ubuntu0.20.04.2"
        }
    ]
}

Ubuntu:22.04:LTS / awstats

Package

Name: awstats
Purl: pkg:deb/ubuntu/awstats@7.8-2ubuntu0.22.04.1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.8-2ubuntu0.22.04.1

Affected versions

7.*

7.8-2

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "awstats",
            "binary_version": "7.8-2ubuntu0.22.04.1"
        }
    ]
}