CGI.AWStats.Multiple.Input.Validation.Config
Description
This indicates a possible exploit of a remote command execution vulnerability in AWStats.
AWStats is a free tool for generating graphical statistics from web, mail and FTP server logs. A security hole was found in versions 5.0 to 6.2, caused by insufficient input validation when AWStats is used as a CGI. A remote user can execute arbitrary commands on the web server, with the web server user's permissions, by supplying commands starting with shell metacharacters in the config parameter.
Affected Products
AWStats 4.0 and 6.2
Impact
Compromise of the affected system.
Recommended Actions
Apply appropriate patch from the vendor if available.
Coverage
IPS (Regular DB)
IPS (Extended DB)