GLSA-200508-07 : AWStats: Arbitrary code execution using malicious Referrer information

Medium Nessus Plugin ID 19440


The remote Gentoo host is missing one or more security-related patches.


The remote host is affected by the vulnerability described in GLSA-200508-07 (AWStats: Arbitrary code execution using malicious Referrer information).

When using a URLPlugin, AWStats fails to sanitize Referrer URL data before passing it to a Perl eval() routine.
Impact:

A remote attacker can include arbitrary Referrer information in an HTTP request to a web server, thereby injecting tainted data into the log files. When AWStats is run on this log file, this can result in the execution of arbitrary Perl code with the rights of the user running AWStats.
Workaround:

Disable all URLPlugins in the AWStats configuration.
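As an added example (not part of the advisory or of AWStats itself), the following Python check scans Apache combined-format log lines for Referer fields that are not plain URLs, so that a log can be reviewed before an unpatched AWStats evaluates it; the log lines are constructed for the example, and the URL character set is a heuristic, not a substitute for the upgrade.

```python
import re

# Apache "combined" log format:
# host ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Characters that may appear in a URL per RFC 3986 (unreserved, reserved and
# percent-encoding). A Referer value containing anything else (whitespace,
# braces, backticks, ...) is not a URL and deserves a look before the log is
# handed to a tool that feeds referer data to eval().
URL_CHARS = re.compile(r"^[A-Za-z0-9\-._~:/?#\[\]@!$&'()*+,;=%]*$")


def suspicious_referers(lines):
    """Return (client, referer) pairs whose Referer field is not a plain URL.

    Lines that do not parse as combined-format entries are skipped, and the
    '-' placeholder Apache writes for an absent Referer header is ignored.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ref = m.group("referer")
        if ref and ref != "-" and not URL_CHARS.match(ref):
            hits.append((m.group("host"), ref))
    return hits


# Constructed sample log lines (addresses from documentation ranges).
SAMPLE_LOG = [
    '192.0.2.1 - - [09/Aug/2005:10:00:00 +0000] "GET /index.html HTTP/1.0" '
    '200 1234 "http://www.example.com/search?q=awstats" "Mozilla/4.0"',
    '192.0.2.2 - - [09/Aug/2005:10:00:01 +0000] "GET /about.html HTTP/1.0" '
    '200 812 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [09/Aug/2005:10:00:02 +0000] "GET / HTTP/1.0" '
    '200 512 "http://example.com/x {placeholder}" "curl/7.10"',
]

if __name__ == "__main__":
    for host, ref in suspicious_referers(SAMPLE_LOG):
        print(f"{host}: non-URL Referer value {ref!r}")
```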


All AWStats users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-misc/awstats-6.5'

Note: Users with the vhosts USE flag set should manually use webapp-config to finalize the update.

Plugin Details

Severity: Medium

ID: 19440

File Name: gentoo_GLSA-200508-07.nasl

Version: $Revision: 1.17 $

Type: local

Published: 2005/08/18

Modified: 2015/04/13

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:awstats, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Patch Publication Date: 2005/08/16

Vulnerability Publication Date: 2005/08/09

Reference Information

CVE: CVE-2005-1527

OSVDB: 18696

GLSA: 200508-07