Executive Summary

Summary | |
---|---|
Title | New awstats packages fix arbitrary command execution |

Informations | | | |
---|---|---|---|
Name | DSA-682 | First vendor Publication | 2005-02-15 |
Vendor | Debian | Last vendor Modification | 2005-02-15 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3

Cvss vector : N/A | | | |
---|---|---|---|
Overall CVSS Score | NA | | |
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | | |
Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | | | |
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail

In addition to CAN-2005-0116, more vulnerabilities have been found in awstats, a powerful and featureful web server log analyzer with a CGI frontend. Missing input sanitising can cause arbitrary commands to be executed. For the stable distribution (woody) this problem has been fixed in version 4.0-0.woody.2. For the unstable distribution (sid) this problem has been fixed in version 6.2-1.2. We recommend that you upgrade your awstats package.
Original Source

Url : http://www.debian.org/security/2005/dsa-682
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
SAINT Exploits

Description |
---|
AWStats configdir parameter command execution |
OpenVAS Exploits

Date | Name | File |
---|---|---|
2008-09-24 | Gentoo Security Advisory GLSA 200501-36 (awstats) | nvt/glsa_200501_36.nasl |
2008-09-04 | FreeBSD Ports: awstats | nvt/freebsd_awstats.nasl |
2008-09-04 | FreeBSD Ports: awstats | nvt/freebsd_awstats0.nasl |
2008-01-17 | Debian Security Advisory DSA 682-1 (awstats) | nvt/deb_682_1.nasl |
Open Source Vulnerability Database (OSVDB)

Id | Description |
---|---|
16089 | AWStats awstats.pl Multiple Parameter Shell Metacharacter Arbitrary Command E... AWStats contains several flaws that may allow a malicious user to execute arbitrary code. The issue is triggered when shell metacharacters are supplied in the "pluginmode", "loadplugin", or "noloadplugin" parameters of the awstats.pl script. The flaw may allow execution of arbitrary commands with the web server's privileges, resulting in a loss of integrity. |
13002 | AWStats awstats.pl configdir Parameter Arbitrary Command Execution AWStats contains a flaw that may allow a malicious user to issue arbitrary commands with the web server's privileges. The issue is triggered by the pipe character (\|) and other shell metacharacters in the 'configdir' parameter of the awstats.pl script. Such input is not sanitized before being passed to the Perl 'open()' call, which executes it. |
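As an added detection example (not part of the advisory, of AWStats, or of the Snort and Nessus checks listed on this page): a small Python scanner that reads Apache-style access log lines and flags requests to awstats.pl whose configdir, pluginmode, loadplugin or noloadplugin parameter carries shell metacharacters, which is the condition the OSVDB entries above describe. The sample log lines and client addresses are constructed; the parameter names come from the entries.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# awstats.pl parameters named in OSVDB 13002 / 16089 as reaching open() unsanitised.
WATCHED_PARAMS = {"configdir", "pluginmode", "loadplugin", "noloadplugin"}
# Shell metacharacters that have no business in a directory or plugin name.
METACHARS = re.compile(r"[|;&`$<>\n]")
# Minimal Apache combined-log parser: client, timestamp, method, target, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample lines (documentation address ranges; not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Feb/2005:10:00:00 +0000] "GET /cgi-bin/awstats.pl?config=example.org&configdir=/etc/awstats HTTP/1.1" 200 5120',
    '198.51.100.7 - - [15/Feb/2005:10:01:12 +0000] "GET /cgi-bin/awstats.pl?configdir=%7CCMD%7C HTTP/1.0" 200 812',
    '203.0.113.5 - - [15/Feb/2005:10:02:30 +0000] "GET /search.cgi?q=a%7Cb HTTP/1.1" 200 100',
]

def suspicious_params(request_target):
    """Return {param: decoded value} for watched awstats.pl parameters carrying metacharacters."""
    parts = urlsplit(request_target)
    if not parts.path.endswith("awstats.pl"):
        return {}
    hits = {}
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name.lower() not in WATCHED_PARAMS:
            continue
        for value in values:
            # parse_qs decoded once; decode again so double-encoded values are not missed.
            decoded = unquote(value)
            if METACHARS.search(decoded):
                hits[name.lower()] = decoded
    return hits

def scan_log(lines):
    """Return a list of (client, timestamp, param, value) for every flagged request."""
    findings = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue  # malformed line: skip rather than guess at its fields
        client, timestamp, _method, target, _status = match.groups()
        for param, value in suspicious_params(target).items():
            findings.append((client, timestamp, param, value))
    return findings

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print("suspicious awstats request: client=%s time=%s %s=%r" % finding)
```

Running it over the sample flags only the second line; the third line shows that a pipe in an unrelated CGI's parameters is not reported, so the check stays scoped to the vulnerable script.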
Snort® IPS/IDS

Date | Description | RuleID | Revision | Type |
---|---|---|---|---|
2019-09-05 | awstats.pl configdir command injection attempt | 50882 | 1 | SERVER-WEBAPP |
2019-09-05 | awstats.pl configdir command injection attempt | 50881 | 1 | SERVER-WEBAPP |
2019-09-05 | awstats.pl configdir command injection attempt | 50880 | 1 | SERVER-WEBAPP |
2014-01-10 | awstats.pl configdir command injection attempt | 3813 | 13 | SERVER-WEBAPP |
Nessus® Vulnerability Scanner

Date | Name | File | Type |
---|---|---|---|
2005-07-13 | The remote FreeBSD host is missing a security-related update. | freebsd_pkg_0f5a2b4d694b11d9a9e70001020eed82.nasl | ACT_GATHER_INFO |
2005-07-13 | The remote FreeBSD host is missing a security-related update. | freebsd_pkg_fdad8a877f9411d9a9e70001020eed82.nasl | ACT_GATHER_INFO |
2005-02-16 | The remote Debian host is missing a security-related update. | debian_DSA-682.nasl | ACT_GATHER_INFO |
2005-02-14 | The remote Gentoo host is missing one or more security-related patches. | gentoo_GLSA-200501-36.nasl | ACT_GATHER_INFO |
2005-01-18 | The remote web server contains a CGI script that allows execution of arbitrar... | awstats_configdir.nasl | ACT_ATTACK |
Alert History

Date | Informations |
---|---|
2014-02-17 11:33:54 | |
2013-05-11 12:18:54 | |