Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

AWStats Rawlog Plugin Logfile Parameter Arbitrary Command Execution

High

Synopsis

The remote host is running AWStats, a CGI log analyzer that generates statistic reports based on HTTP, SMTP or FTP logs.

Description

The remote host is running AWStats, a CGI log analyzer that generates statistic reports based on HTTP, SMTP or FTP logs. AWStats Rawlog Plugin is reported prone to an input validation vulnerability. A remote attacker may supply shell metacharacters and commands as a value for the 'logfile' URI parameter. These commands and metacharacters will be processed by the underlying shell, resulting in the execution of commands in the context of the hosting web server.

Solution

Upgrade or patch according to vendor recommendations.