HTTP: AwStat: Malicious Activity

This signature detects attempts to exploit a known vulnerability in the Awstat module, a Perl module used to provide server usage statistics. Awstat 6.1 and some versions earlier than 6.3 are vulnerable. Attackers can use malicious command injections to execute arbitrary code with Web server privileges.

Extended Description

AWStats is reported prone to a remote arbitrary-command-execution vulnerability because the software fails to sufficiently sanitize user-supplied data. An attacker can prefix arbitrary commands with the '|' character and have them execute in the context of the server through a URI parameter. This issue was originally specified in BID 12270 (AWStats Multiple Unspecified Remote Input Validation Vulnerabilities). Due to the availability of further details, it is being assigned a new BID.

Affected Products

Gentoo linux

References

BugTraq: 12298

CVE: CVE-2005-0116

URL: http://awstats.sourceforge.net/docs/awstats_changelog.txt http://www.kb.cert.org/vuls/id/272296/ http://www.idefense.com/application/poi/display?id=185&type=vulnerabilities

Short Name

HTTP:CGI:AWSTATS

Severity

Major

Recommended

False

Recommended Action

Drop

HTTP: AwStat: Malicious Activity

Extended Description

Affected Products

References

Found a potential security threat?