Description

AWStats is a free powerful and featureful tool that generates advanced web, streaming, ftp or mail server statistics, graphically. This log analyzer works as a CGI or from command line and shows you all possible information your log contains, in few graphical web pages.

It's recommended to restrict access to this directory as it may contain sensitive information (test scripts, administrative interfaces, session tokens sent via GET, ...). This kind of information may help an attacker to learn more about the structure of your website and can be used to conduct further attacks.

Remediation

Restrict (or password protect) the access to directory or make it accessible only on the local interface.

References

AWStats Security

Related Vulnerabilities

WordPress Plugin SL User Create Information Disclosure (0.2.4)

Subresource Integrity (SRI) Not Implemented

Ruby framework weak secret key

Invalid Content Security Policy (CSP) Directive Identified in meta Elements

JBoss JMX management console

Severity

Medium

Classification

CWE-538 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Tags

Configuration Information Disclosure