CVE-2017-1000501

Name: CVE-2017-1000501
Creator: NVD / NIST
Published: 2018-01-03T15:29:00.283+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 4.35%

Last modified Jun 17, 2026

CVE-2017-1000501 is a vulnerability of currently unknown severity. Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution.. EPSS estimates a 4.35% chance of exploitation in the next 30 days.

Description

Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution.

Metrics

EPSS Probability

4.35%

90.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-22

Affected Software

Vendor	Product	Versions
Awstats	Awstats	<= 7.6.0
Debian	Debian Linux	7.0
Debian	Debian Linux	8.0
Debian	Debian Linux	9.0

References

http://www.awstats.org/Vendor Advisory
https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651Patch, Third Party Advisory
https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899Patch, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/01/msg00012.htmlMailing List, Third Party Advisory
https://security.gentoo.org/glsa/202007-37
https://www.debian.org/security/2018/dsa-4092Third Party Advisory
http://www.awstats.org/Vendor Advisory
https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651Patch, Third Party Advisory
https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899Patch, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/01/msg00012.htmlMailing List, Third Party Advisory
https://security.gentoo.org/glsa/202007-37
https://www.debian.org/security/2018/dsa-4092Third Party Advisory

Timeline

Published: Jan 3, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-1000501?

Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution.

How severe is CVE-2017-1000501?

Severity scoring for CVE-2017-1000501 is pending analysis. The EPSS model estimates a 4.35% probability of exploitation in the next 30 days.

How do I fix CVE-2017-1000501?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-1000501?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST