CGI.AWStats.Multiple.Input.Validation.Config

Description

It indicates a possible exploit of a remote command execution vulnerability in AWStats.


AWStats is a free tool for generating graphical statistics from web, mail and FTP server logs. A security hole was found in its versions from 5.0 to 6.2, caused by insufficient input validation when AWStats is used as a CGI. A remote user can execute arbitrary commands on the web server, with the permissions of the web server user, by passing a config parameter value that starts with shell metacharacters.
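A defensive check for the condition described above, as an added example that is not part of the original advisory: it scans web access log lines for AWStats CGI requests whose config value contains anything outside a conservative allowlist. The script name `awstats.pl`, the allowlist pattern and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a config name is a site/host label, so only these characters are expected.
SAFE_CONFIG = re.compile(r"[A-Za-z0-9._-]{1,128}")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

def suspicious_config_values(log_line):
    """Return config values in an AWStats CGI request that fail the allowlist."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("awstats.pl"):
        return []
    # parse_qs percent-decodes, so encoded metacharacters are checked too.
    values = parse_qs(url.query, keep_blank_values=True).get("config", [])
    return [v for v in values if not SAFE_CONFIG.fullmatch(v)]

def scan(lines):
    """Return (line_number, client_ip, bad_values) for each flagged line."""
    hits = []
    for n, line in enumerate(lines, 1):
        bad = suspicious_config_values(line)
        if bad:
            hits.append((n, line.split(" ", 1)[0], bad))
    return hits

# Constructed sample log lines (documentation addresses, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /cgi-bin/awstats.pl?config=www.example.com HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /cgi-bin/awstats.pl?config=%7CPLACEHOLDER HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /cgi-bin/awstats.pl?output=main&config=%3BPLACEHOLDER HTTP/1.1" 200 298',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /index.html?config=%7Cx HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same allowlist can be enforced in front of the CGI (for example in a reverse proxy rule) so that requests with unexpected config values never reach the script.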


Affected Products

AWStats 4.0 and 6.2

Impact

Compromise of the affected system.

Recommended Actions

Apply appropriate patch from the vendor if available.

Coverage

IPS (Regular DB)
IPS (Extended DB)