FreeBSD : awstats -- arbitrary command execution (fdad8a87-7f94-11d9-a9e7-0001020eed82)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Several input validation errors exist in AWStats that allow a remote
unauthenticated attacker to execute arbitrary commands with the
privileges of the web server. These programming errors involve CGI
parameters including loadplugin, logfile, pluginmode, update, and
possibly others.

Additionally, the debug and other CGI parameters may be used to cause
AWStats to disclose AWStats and system configuration information.

See also :

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 19185 (freebsd_pkg_fdad8a877f9411d9a9e70001020eed82.nasl)

Bugtraq ID: 12543

CVE ID: CVE-2005-0362
