Release Date: Dec 24, 2011
Severity: high
Impact: System Compromise: Remote attackers can gain control of vulnerable systems
Description: This indicates a possible attempt to exploit an Input Validation vulnerability in the AWStats Rawlog Plugin. The vulnerability lies in the "awstats.pl" script and is due to the script's inability to properly sanitize user-supplied input. Remote attackers may exploit this to execute arbitrary code or disclose the contents of files on the web server.
Affected Products: AWStats 6.3 and earlier versions.
Recommended Actions: Upgrade to AWStats 6.4 or later.
Coverage: IPS, VCM
Common Vulnerabilities and Exposures (CVE): CVE-2005-2116, CVE-2005-1950, CVE-2005-1921
References: http://www.securityfocus.com/bid/10950 (BugTraq)