Executive Summary
Summary | |
---|---|
Title | AWStats fails to properly handle "\" when specifying a configuration file directory |
Information | |||
---|---|---|---|
Name | VU#870532 | First vendor Publication | 2010-11-30 |
Vendor | VU-CERT | Last vendor Modification | 2011-01-03 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Vulnerability Note VU#870532
AWStats fails to properly handle "\" when specifying a configuration file directory

Overview
AWStats fails to properly handle "\" when specifying a configuration file directory. This could allow an attacker to specify an arbitrary configuration file located on an SMB share.

I. Description
From the AWStats project website: "AWStats is a free powerful and featureful tool that generates advanced web, streaming, ftp or mail server statistics, graphically". AWStats is vulnerable to remote command execution when installed on Apache Tomcat on Microsoft Windows operating systems. The AWStats application fails to properly handle "\" when specifying a configuration file directory.

II. Impact
An attacker can instruct the web server to load a malicious configuration file located on a malicious SMB file share. The malicious configuration file can contain arbitrary commands to be run on the vulnerable remote server as the web service account.

III. Solution
According to the vendor's changelog this vulnerability has been addressed in AWStats 7.0.

Vendor Information

References
http://awstats.sourceforge.net/docs/awstats_changelog.txt

Thanks to StenoPlasma at ExploitDevelopment for reporting this vulnerability. This document was written by Michael Orlando.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/870532 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-03-05 | Name : FreeBSD Ports: awstats File : nvt/freebsd_awstats4.nasl |
2011-02-28 | Name : Mandriva Update for awstats MDVSA-2011:033 (awstats) File : nvt/gb_mandriva_MDVSA_2011_033.nasl |
2010-12-01 | Name : Awstats Configuration File Remote Arbitrary Command Execution Vulnerability File : nvt/gb_awstats_45123.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
69606 | AWStats on Windows awstats.cgi configdir Parameter Crafted Share Config File ... AWStats on Windows contains a flaw related to the awstats.cgi script. The issue is triggered when a remote attacker uses a maliciously crafted share config file located on a WebDAV server, NFS server or a UNC share pathname. This may allow the attacker to execute arbitrary code or gain administrative control over a web server. |
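
A log-review check for the request pattern the OSVDB entry above describes, as an added example that is not code from AWStats, CERT or this database: it flags awstats.cgi requests whose configdir value contains a backslash or otherwise points off-host. The log format, the sample lines, the function names and the "review"/"remote-path" labels are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request line of a common/combined log format entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Nov/2010:10:00:00 +0000] "GET /cgi-bin/awstats.cgi?config=example HTTP/1.1" 200 5120',
    '192.0.2.44 - - [30/Nov/2010:10:00:05 +0000] "GET /cgi-bin/awstats.cgi?config=example&configdir=%5C%5C198.51.100.7%5Cshare HTTP/1.1" 200 812',
    '192.0.2.44 - - [30/Nov/2010:10:00:09 +0000] "GET /cgi-bin/awstats.cgi?configdir=%255C%255C198.51.100.7%255Cshare HTTP/1.1" 200 812',
    '192.0.2.10 - - [30/Nov/2010:10:01:00 +0000] "GET /cgi-bin/awstats.cgi?config=example&configdir=C:/awstats/conf HTTP/1.1" 200 5120',
    '192.0.2.10 - - [30/Nov/2010:10:02:00 +0000] "GET /index.html?configdir=%5C%5Cx HTTP/1.1" 404 210',
]

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so a double-encoded %255C still becomes a backslash."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify_request(target):
    """Return None, 'review' (configdir supplied) or 'remote-path' (configdir points off-host)."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("awstats.cgi"):
        return None
    verdict = None
    for key, raw in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() != "configdir":
            continue
        value = decode_fully(raw)  # parse_qsl already decoded one layer
        # Backslash (the character named in VU#870532), //host form, or a URL scheme.
        if "\\" in value or value.startswith("//") or "://" in value:
            return "remote-path"
        verdict = "review"  # a client-supplied configdir is still worth a look
    return verdict

def scan(lines):
    """Return (line_number, verdict) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        verdict = classify_request(match.group(1)) if match else None
        if verdict:
            hits.append((number, verdict))
    return hits
```

Running `scan(SAMPLE_LOG)` flags lines 2 and 3 as "remote-path" and line 4 as "review"; the unrelated `/index.html` request is ignored because the script name does not match.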
Snort® IPS/IDS
Date | Description |
---|---|
2016-04-19 | AWStats awstats.cgi remote file include attempt RuleID : 38253 - Revision : 2 - Type : SERVER-WEBAPP |
2016-04-19 | AWStats awstats.cgi remote file include attempt RuleID : 38252 - Revision : 2 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-02-10 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_ce6ce2f834ac11e0810300215c6a37bb.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2013-05-11 00:57:26 |
|