CGI.AWStats.Rawlog.Input.Validation
Description
This indicates a possible exploit of a remote command execution vulnerability in AWStats.
AWStats is a free tool for generating graphical statistics from web, mail and FTP server logs. A security hole was found in versions 5.0 to 6.2, caused by insufficient input validation when AWStats is used as a CGI. A remote user can read the server's web logs by setting the loadplugin and pluginmode parameters to rawlog.
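As an added example (not the vendor's IPS signature and not AWStats code), the following sketch scans web server access logs for requests that carry the parameters described above. It assumes common/combined log format and a CGI path containing "awstats"; the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Assumption: common/combined access-log format.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3})')
WATCHED = {"loadplugin", "pluginmode"}  # parameter names from the description

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly (bounded) so layered encoding is normalised."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def rawlog_params(target):
    """Return sorted watched parameter names whose value mentions 'rawlog'."""
    parts = urlsplit(target)
    if "awstats" not in fully_decode(parts.path).lower():  # assumed script path
        return []
    hits = set()
    for key, values in parse_qs(parts.query, keep_blank_values=True).items():
        name = fully_decode(key).lower()
        if name in WATCHED and any("rawlog" in fully_decode(v).lower() for v in values):
            hits.add(name)
    return sorted(hits)

def scan(lines):
    """Return (client_ip, status, matched_params) for each matching request."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        params = rawlog_params(m.group("target"))
        if params:
            findings.append((m.group("ip"), int(m.group("status")), params))
    return findings

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2005:10:00:00 +0000] "GET /cgi-bin/awstats.pl?config=example HTTP/1.0" 200 5120',
    '198.51.100.7 - - [01/Jan/2005:10:00:05 +0000] "GET /cgi-bin/awstats.pl?config=example&loadplugin=rawlog&pluginmode=rawlog HTTP/1.0" 200 90211',
    '198.51.100.7 - - [01/Jan/2005:10:00:09 +0000] "GET /cgi-bin/awstats.pl?config=example&PluginMode=raw%6Cog HTTP/1.0" 403 210',
    '203.0.113.4 - - [01/Jan/2005:10:00:12 +0000] "GET /index.html?pluginmode=rawlog HTTP/1.0" 200 812',
]

if __name__ == "__main__":
    print(scan(SAMPLE))
```

A match with a 200 status and a large response size is worth prioritising during triage, since it suggests the request was served rather than rejected.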
Affected Products
AWStats 4.0 and 6.2
Impact
Compromise of the affected system.
Recommended Actions
Apply appropriate patch from the vendor if available.
Coverage
IPS (Regular DB)
IPS (Extended DB)