AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl.

An iDEFENSE Security Advisory reports :

Remote exploitation of an input validation vulnerability in AWStats allows attackers to execute arbitrary commands under the privileges of the web server.

The problem specifically exists when the application is running as a CGI script on a web server. The 'configdir' parameter contains unfiltered user-supplied data that is utilized in a call to the Perl routine open()...

Successful exploitation allows remote attackers to execute arbitrary commands under the privileges of the web server. This can lead to further compromise as it provides remote attackers with local access.

The remote host is affected by the vulnerability described in GLSA-200501-36 (AWStats: Remote code execution)

    When 'awstats.pl' is run as a CGI script, it fails to validate specific     inputs which are used in a Perl open() function call. Furthermore, a     user could read log file content even when plugin rawlog was not     enabled.
  Impact :

    A remote attacker could supply AWStats malicious input, potentially     allowing the execution of arbitrary code with the rights of the web     server. He could also access raw log contents.
  Workaround :

    Making sure that AWStats does not run as a CGI script will avoid the     issue, but we recommend that users upgrade to the latest version, which     fixes these bugs.

The remote host is running AWStats, a CGI log analyzer.
There are various flaws in the remote version of this software that may allow an attacker to execute code on the remote host.

The remote host is running AWStats, a free logfile analysis tool for analyzing ftp, mail, web, ...  traffic. 

The remote version of this software fails to sanitize user-supplied input to the 'configdir' parameter of the 'awstats.pl' script.  An attacker may exploit this condition to execute commands remotely or disclose contents of files, subject to the privileges under which the web server operates.

ID	Name	Product	Family	Severity
18840	FreeBSD : awstats -- remote command execution vulnerability (0f5a2b4d-694b-11d9-a9e7-0001020eed82)	Nessus	FreeBSD Local Security Checks	high
16427	GLSA-200501-36 : AWStats: Remote code execution	Nessus	Gentoo Local Security Checks	high
2534	AWStats < 6.3 awstats.pl configdir Parameter Remote Command Execution	Nessus Network Monitor	CGI	high
16189	AWStats awstats.pl configdir Parameter Arbitrary Command Execution	Nessus	CGI abuses	high

Detections

Analytics

CVE-2005-0116

critical

Tenable Plugins

high

high

high

high