Summary

Acunetix 360 detected AWStats, a web-based statistics software.

This information can help an attacker gain a greater understanding of the systems in use and potentially help develop further attacks.

Impact

An attacker can search for specific security vulnerabilities for the version of AWStats identified. More importantly, AWStats disclose too much information about hidden pages (config, administration etc.).

Remediation

Configure your web server to prevent information leakage from the AWStats directory by implementing access control mechanisms to stop public access.

Severity

Information

Classification

CAPEC-224 CWE-205 ISO27001-A.14.2.5 WASC-45 OWASP 2017-A6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N