AWStats < 6.95 awredir.pl Arbitrary Site Redirect

Severity: medium | Nessus Plugin ID 42982

Synopsis

The remote web server hosts a Perl script that is affected by an open redirect vulnerability.

Description

The 'awredir.pl' script, available through the remote web server as part of an AWStats installation, is affected by an open redirect vulnerability. An attacker can exploit this issue to conduct phishing attacks by tricking users into visiting malicious websites.

Solution

Upgrade to AWStats version 6.95 or later if necessary, and make sure the variable '$KEYFORMD5' defined in the affected script is set to a personalized (non-default) value.

See Also

http://www.nessus.org/u?597373d3

Plugin Details

Severity: Medium

ID: 42982

File Name: awstats_awredir_redirect.nasl

Version: 1.19

Type: remote

Family: CGI abuses

Published: 12/2/2009

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: No CVE available for this vulnerability.

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS Score Source: manual

CVSS v3

Risk Factor: Medium

Base Score: 4.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Vulnerability Information

CPE: cpe:/a:laurent_destailleur:awstats

Required KB Items: www/AWStats

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No known exploits are available

Exploited by Nessus: true

Patch Publication Date: 10/25/2009

Vulnerability Publication Date: 10/25/2009

Reference Information

BID: 37157