=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2010/VULN505
_____________________________________________________________________

DATE                      : 07/12/2010

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running AWStats versions prior to 7.0.

======================================================================
http://www.kb.cert.org/vuls/id/870532
______________________________________________________________________

Vulnerability Note VU#870532

AWStats fails to properly handle "\\" when specifying a configuration
file directory

Overview

AWStats fails to properly handle "\\" when specifying a configuration
file directory. This could allow an attacker to specify an arbitrary
configuration file located on an SMB share.

I. Description