oss-security - Re: CVE Request: OpenWebAnalytics < 1.2.4 - remote/local file inclusion vulnerability

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Message-ID: <AANLkTinp-R7fsC1SfFpHTMir9swqR9hPVd1LaXcQon3z@mail.gmail.com>
Date: Fri, 31 Dec 2010 15:13:44 -0500
From: Anthon Pang <anthon.pang@...il.com>
To: oss-security <oss-security@...ts.openwall.com>
Subject: Re: CVE Request: OpenWebAnalytics < 1.2.4 - remote/local file
 inclusion vulnerability

Request withdrawn.  @OSVDB pointed me to CVE 2010-2677.

On Fri, Dec 31, 2010 at 12:28 AM, Anthon Pang <anthon.pang@...il.com> wrote:
> I was searching OSVDB, and I see this one wasn't reported (and
> presumably, not assigned a CVE).
>
> Versions of OpenWebAnalytics prior to 1.2.4 are vulnerable to a
> remote/local file inclusion attack.
>
> OWA 1.2.4 was released March, 28, 2010
>
> Vendor release announcement:  http://www.openwebanalytics.com/?p=87
>
> Commits:
> - http://trac.openwebanalytics.com/changeset/847/trunk/owa_coreAPI.php
> - http://trac.openwebanalytics.com/changeset/847/trunk/owa_lib.php
> - http://trac.openwebanalytics.com/changeset/847/trunk/owa_requestContainer.php
>

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.