AWStats Rawlog Plugin Logfile Parameter Input Validation Vulnerability Network Vulnerability

Summary

The remote host seems to be running AWStats, a free real-time logfile analyzer. AWStats Rawlog Plugin is reported prone to an input validation vulnerability. The issue is reported to exist because user supplied 'logfile' URI data passed to the 'awstats.pl' script is not sanitized. An attacker may exploit this condition to execute commands remotely or disclose contents of web server readable files.

Solution

Upgrade to the latest version of this software

Severity

Classification

CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability
Apache Tomcat Multiple Vulnerabilities June-09
An Image Gallery Directory Traversal Vulnerability
3Com NBX VoIP NetSet Detection

AWStats rawlog plugin logfile parameter input validation vulnerability

Take action and discover your vulnerabilities