CVE-2005-1527 Information

Description

Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier when a URLPlugin is enabled allows remote attackers to execute arbitrary Perl code via the HTTP Referrer which is used in a $url parameter that is inserted into an eval function call.

Reference

http://secunia.com/advisories/16412 http://secunia.com/advisories/17463 http://securitytracker.com/id?1014636 http://www.debian.org/security/2005/dsa-892 http://www.idefense.com/application/poi/display?id=290&type=vulnerabilities&flashstatus=false http://www.novell.com/linux/security/advisories/2005_19_sr.html http://www.osvdb.org/18696 http://www.securiteam.com/unixfocus/5DP0J00GKE.html http://www.securityfocus.com/bid/14525 https://exchange.xforce.ibmcloud.com/vulnerabilities/21769 https://usn.ubuntu.com/167-1/ Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier when a URLPlugin is enabled allows remote attackers to execute arbitrary Perl code via the HTTP Referrer which is used in a $url parameter that is inserted into an eval function call.