VuXML ID | Description |
2df297a2-dc74-11da-a22b-000c6ec775d9 | awstats -- arbitrary command execution vulnerability
OS Reviews reports:
If the update of the stats via web front-end is allowed,
a remote attacker can execute arbitrary code on the server
using a specially crafted request involving the migrate
parameter. Input starting with a pipe character ("|")
leads to an insecure call to Perl's open function and the
rest of the input being executed in a shell. The code is
run in the context of the process running the AWStats
CGI.
Arbitrary code can be executed by uploading a specially
crafted configuration file if an attacker can put a file
on the server with chosen file name and content (e.g. by
using an FTP account on a shared hosting server). In this
configuration file, the LogFile directive can be used to
execute shell code following a pipe character. As above,
an open call on unsanitized input is the source of this
vulnerability.
Discovery 2006-05-03 Entry 2006-05-05 Modified 2006-11-15 awstats
< 6.5_2,1
http://awstats.sourceforge.net/awstats_security_news.php
http://secunia.com/advisories/19969/
http://www.osreviews.net/reviews/comm/awstats
|
27d78386-d35f-11dd-b800-001b77d09812 | awstats -- multiple XSS vulnerabilities
Secunia reports:
Morgan Todd has discovered a vulnerability in AWStats,
which can be exploited by malicious people to conduct
cross-site scripting attacks.
Input passed in the URL to awstats.pl is not properly
sanitised before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a
user's browser session in context of an affected site.
Successful exploitation requires that the application is
running as a CGI script.
Discovery 2008-03-12 Entry 2009-01-04 awstats
< 6.9,1
awstats-devel
> 0
CVE-2008-3714
CVE-2008-5080
http://secunia.com/advisories/31519
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432
|
bba3f684-9b1d-11ed-9a3f-b42e991fc52e | www/awstats -- Partial absolute pathname
MITRE reports:
It seems #90 is not completely fixed in 7.8.
(that is, even after CVE-2017-1000501 and CVE-2020-29600 are fixed).
In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a
partial absolute pathname (omitting the initial /etc), even
though it was intended to only read a file in the /etc/awstats/awstats.conf format.
NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.
Discovery 2022-12-11 Entry 2023-01-23 awstats
< 7.8
CVE-2020-35176
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35176
|
4055aee5-f4c6-11e7-95f2-005056925db4 | awstats -- remote code execution
Mitre reports:
Awstats version 7.6 and earlier is vulnerable to a path traversal
flaw in the handling of the "config" and "migrate" parameters resulting
in unauthenticated remote code execution.
Discovery 2018-01-03 Entry 2018-01-08 awstats
< 7.7,1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000501
CVE-2017-1000501
ports/225007
|
0f5a2b4d-694b-11d9-a9e7-0001020eed82 | awstats -- remote command execution vulnerability
An iDEFENSE Security Advisory reports:
Remote exploitation of an input validation vulnerability
in AWStats allows attackers to execute arbitrary commands
under the privileges of the web server.
The problem specifically exists when the application is
running as a CGI script on a web server. The "configdir"
parameter contains unfiltered user-supplied data that is
utilized in a call to the Perl routine open()...
Successful exploitation allows remote attackers to
execute arbitrary commands under the privileges of the web
server. This can lead to further compromise as it provides
remote attackers with local access.
Discovery 2004-10-21 Entry 2005-01-18 Modified 2005-02-23 awstats
< 6.3
12270
CVE-2005-0116
272296
http://marc.theaimsgroup.com/?l=full-disclosure&m=110600949323439
http://awstats.sourceforge.net/docs/awstats_changelog.txt
http://www.idefense.com/application/poi/display?id=185&type=vulnerabilities&flashstatus=false
|
fdad8a87-7f94-11d9-a9e7-0001020eed82 | awstats -- arbitrary command execution
Several input validation errors exist in AWStats that allow a
remote unauthenticated attacker to execute arbitrary commands
with the priviliges of the web server. These programming
errors involve CGI parameters including
loadplugin , logfile ,
pluginmode , update , and possibly
others.
Additionally, the debug and other CGI parameters
may be used to cause AWStats to disclose AWStats and system
configuration information.
Discovery 2005-02-10 Entry 2005-02-16 Modified 2005-02-23 awstats
< 6.4
CVE-2005-0362
CVE-2005-0363
CVE-2005-0435
CVE-2005-0436
CVE-2005-0437
CVE-2005-0438
12543
12545
http://marc.theaimsgroup.com/?l=bugtraq&m=110840530924124
http://awstats.sourceforge.net/docs/awstats_changelog.txt
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=294488
http://packetstormsecurity.nl/0501-exploits/AWStatsVulnAnalysis.pdf
|
e86fbb5f-0d04-11da-bc08-0001020eed82 | awstats -- arbitrary code execution vulnerability
An iDEFENSE Security Advisory reports:
Remote exploitation of an input validation vulnerability
in AWStats allows remote attackers to execute arbitrary
commands.
The problem specifically exists because of insufficient
input filtering before passing user-supplied data to an
eval() function. As part of the statistics
reporting function, AWStats displays information about the
most common referrer values that caused users to visit the
website. The referrer data is used without proper
sanitation in an eval() statement, resulting
in the execution of arbitrary perl code.
Successful exploitation results in the execution of
arbitrary commands with permissions of the web
service. Exploitation will not occur until the stats page
has been regenerated with the tainted referrer values from
the http access log. Note that AWStats is only vulnerable
in situations where at least one URLPlugin is enabled.
Discovery 2005-08-09 Entry 2005-08-14 Modified 2005-08-23 awstats
< 6.4_1
CVE-2005-1527
http://marc.theaimsgroup.com/?l=full-disclosure&m=112377934108902
http://www.idefense.com/application/poi/display?id=290&type=vulnerabilities
|
ce6ce2f8-34ac-11e0-8103-00215c6a37bb | awstats -- arbitrary commands execution vulnerability
Awstats change log reports:
- Security fix (Traverse directory of LoadPlugin)
- Security fix (Limit config to defined directory
to avoid access to external config file via a nfs
or webdav link).
Discovery 2010-05-01 Entry 2011-02-10 awstats
< 7.0,1
awstats-devel
> 0
CVE-2010-4367
http://www.exploitdevelopment.com/Vulnerabilities/2010-WEB-001.html
http://awstats.sourceforge.net/docs/awstats_changelog.txt
|