Summary
The remote host is running AWStats, a free real-time logfile analyzer.
The remote version of this software is prone to an input validation vulnerability.
The issue is reported to exist because user-supplied 'configdir' URI data passed to the 'awstats.pl' script is not sanitized.
An attacker may exploit this condition to execute commands remotely or to disclose the contents of files readable by the web server.
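An added example, not part of the original advisory or of AWStats: a log triage script that flags requests to 'awstats.pl' whose 'configdir' parameter falls outside a strict path allowlist. The allowlist, the Apache-style log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Client address and request target of an Apache/NCSA common or combined log line.
LINE_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumed allowlist: a plain directory path, no shell metacharacters or spaces.
SAFE_CONFIGDIR = re.compile(r'[A-Za-z0-9_./-]+')

# Constructed sample log lines (documentation address ranges, invented values).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Feb/2005:10:00:00 +0000] "GET /cgi-bin/awstats.pl?config=example HTTP/1.1" 200 1024',
    '192.0.2.11 - - [10/Feb/2005:10:00:01 +0000] "GET /cgi-bin/awstats.pl?config=example&configdir=/etc/awstats HTTP/1.1" 200 1024',
    '198.51.100.7 - - [10/Feb/2005:10:00:02 +0000] "GET /cgi-bin/awstats.pl?configdir=a%20b%26c HTTP/1.1" 200 512',
    '198.51.100.8 - - [10/Feb/2005:10:00:03 +0000] "GET /index.php?configdir=a%20b HTTP/1.1" 200 256',
]

def suspicious_configdir(target):
    """Return the decoded configdir value if the request target is an
    awstats.pl request whose configdir fails the allowlist, else None."""
    url = urlsplit(target)
    # Decode the path so an encoded script name is still recognised.
    if not unquote(url.path).lower().endswith("/awstats.pl"):
        return None
    params = parse_qs(url.query, keep_blank_values=True)
    for key, values in params.items():
        if key.lower() != "configdir":
            continue
        for value in values:
            # parse_qs has already percent-decoded the value once.
            if ".." in value or not SAFE_CONFIGDIR.fullmatch(value):
                return value
    return None

def scan(lines):
    """Return (client, decoded configdir) for every flagged log line."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        value = suspicious_configdir(m.group(2))
        if value is not None:
            hits.append((m.group(1), value))
    return hits

if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"review: {client} sent configdir={value!r}")
```

A hit means the request needs review on a host that has not yet been upgraded; it is not proof of compromise.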
Solution
Upgrade to version 6.3 or later of this software.
Severity
CVSS Base Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P