AWStats.Configuration.File.Remote.Command.Execution
Description
This indicates a possible attempt to exploit a vulnerability in some versions of the AWStats tool.
AWStats is a free tool for generating graphical statistics from web, mail and ftp server logs.
A security hole exists because of insufficient input validation when AWStats is used as a CGI program. A remote user can execute arbitrary commands starting with | on the web server, with web server's user permissions.
Affected Products
AWStats 6.95 and older.
Impact
Attacker can execute arbitrary commands using web server user permission.
Recommended Actions
Apply the patch supplied by the vendor:
http://awstats.sourceforge.net
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2021-01-11 | 16.995 |