This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.

When you create an IPS block for this signature, yo. It could be some botnet that is probing sites for this particular vulnerability. This can lead to further compromise as it provides remote attackers with local access.

It's not blocked by default - just 'detected.' You can tell this by looking at the 'status' line.

I had some of these also - I had to create a rule to block them.

Description

The remote host is running AWStats, a CGI log analyzer. Exploit for cgi platform in category web applications. AWStats configdir Remote Command Execution Exploit (c code).

A remote command execution vulnerability exists in the script used in the AWStats software package. The 'configdir' parameter contains unfiltered user-supplied data that is utilized in a call to the Perl routine open(). Successful exploitation allows remote attackers to execute arbitrary commands under the privileges of the web server.

Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.

Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly

in AWStats 4.0 and 6.2 allows remote attackers to execute arbitrary commands via.

awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted.

AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive.