Rapid7 Vulnerability & Exploit Database

HTTP AWStats Remote Code Execution

Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: 05/02/2005
Created: 07/25/2018
Added: 03/20/2006
Modified: 02/13/2015

Description

AWStats is a tool that generates web, FTP or mail server statistics graphically. Written in Perl, it works as a CGI or from the command line and shows all the possible information that the log file contains.

An input validation vulnerability exists in the AWStats main script, awstats.pl, through which a remote attacker may execute Perl code and call available Perl modules with the privileges of the web server. An attacker can also use this vulnerability to obtain sensitive information or launch a denial-of-service attack.

Solution(s)

  • http-awstats-upgrade-6_5
