AWStats Awstats.pl XSS Vulnerability - Dec08 Network Vulnerability

Summary

The host is running AWStats, which is prone to XSS Vulnerability.

Impact

Successful attack could lead to execution of arbitrary HTML and script code in the context of an affected site. Impact Level: Application NOTE: This issue exists because of an incomplete fix for CVE-2008-3714.

Solution

Update to higher Version or Apply patches from, http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432#21 ***** NOTE : Ignore this warning, if above mentioned patch is applied already. *****

Insight

The flaw is due to query_string parameter in awstats.pl which is not properly sanitized before being returned to the user.

Affected

AWStats 6.8 and earlier.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432
https://bugzilla.redhat.com/show_bug.cgi?id=474396

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-5080
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Struts2 showcase namespace XSS Vulnerability
aeNovo Database Content Disclosure Vulnerability
Apache Subversion Module Metadata Accessible
Apache mod_proxy_ajp Information Disclosure Vulnerability
Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability

AWStats awstats.pl XSS Vulnerability - Dec08

Take action and discover your vulnerabilities