CGI.AWStats.Rawlog.Input.Validation

Description

This indicates a possible exploit of a remote command execution vulnerability in AWStats.


AWStats is a free tool for generating graphical statistics from web, mail and FTP server logs. A security hole was found in versions 5.0 to 6.2, caused by insufficient input validation when AWStats is used as a CGI. A remote user can read the server's web logs by setting the loadplugin and pluginmode parameters to rawlog.
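For hosts that cannot be patched immediately, the request pattern described above can be hunted for in existing web server access logs. The following is an added example, not part of the original advisory or of the signature itself: it assumes common/combined log format and the standard CGI script name awstats.pl, and its sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Client address and request target from a common/combined-format log line.
LINE_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def is_rawlog_request(target):
    """True if the target asks an AWStats CGI for the rawlog plugin."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("awstats.pl"):
        return False
    # parse_qs percent-decodes names and values, so encoded spellings still
    # match. ';' is normalised to '&' as a conservative choice for detection.
    query = parse_qs(parts.query.replace(";", "&"), keep_blank_values=True)
    seen = {"loadplugin": False, "pluginmode": False}
    for name, values in query.items():
        key = name.lower()
        if key in seen and any("rawlog" in v.lower() for v in values):
            seen[key] = True
    # The advisory describes both parameters being set to rawlog.
    return all(seen.values())

def scan(lines):
    """Return (line_number, client, target) for every matching request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = LINE_RE.match(line)
        if match and is_rawlog_request(match.group(2)):
            hits.append((number, match.group(1), match.group(2)))
    return hits

# Constructed sample lines (documentation addresses, not real traffic).
TS = "[01/Jan/2005:10:00:00 +0000]"
SAMPLE_LOG = [
    f'192.0.2.10 - - {TS} "GET /cgi-bin/awstats.pl?config=example HTTP/1.1" 200 5120',
    f'198.51.100.7 - - {TS} "GET /cgi-bin/awstats.pl?config=example'
    f'&loadplugin=rawlog&pluginmode=rawlog HTTP/1.1" 200 88211',
    f'198.51.100.7 - - {TS} "GET /cgi-bin/awstats.pl?LoadPlugin=%72awlog'
    f'&PluginMode=RAWLOG HTTP/1.0" 200 88211',
    f'203.0.113.5 - - {TS} "GET /index.html?loadplugin=rawlog&pluginmode=rawlog HTTP/1.1" 200 300',
    f'203.0.113.5 - - {TS} "GET /cgi-bin/awstats.pl?loadplugin=rawlog HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for number, client, target in scan(SAMPLE_LOG):
        print(f"line {number}: {client} requested {target}")
```

A hit with a 200 status and an unusually large response size is worth prioritising, since it suggests log content was actually returned.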


Affected Products

AWStats 4.0 and 6.2

Impact

Compromise of the affected system.

Recommended Actions

Apply appropriate patch from the vendor if available.

Coverage

IPS (Regular DB)
IPS (Extended DB)
