Vulnerability Note VU#870532
AWStats fails to properly handle "\\" when specifying a configuration file directory
AWStats fails to properly handle "\\" when specifying a configuration file directory. This could allow an attacker to specify an arbitrary configuration file located on an SMB share.
From the AWStats project website: "AWStats is a free powerful and featureful tool that generates advanced web, streaming, ftp or mail server statistics, graphically". AWStats is vulnerable to remote command execution when installed on Apache Tomcat on Microsoft Windows operating systems. The AWStats application fails to properly handle "\\" when specifying a configuration file directory.
An attacker can instruct the web server to load a malicious configuration file located on a malicious SMB file share. The malicious configuration file can contain arbitrary commands to be run on the vulnerable remote server as the web service account.
According to the vendor's changelog this vulnerability has been addressed in AWStats 7.0.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|AWStats||Affected||-||30 Nov 2010|
CVSS Metrics (Learn More)
Thanks to StenoPlasma at ExploitDevelopment for reporting this vulnerability.
This document was written by Michael Orlando.
- CVE IDs: CVE-2010-4367 CVE-2010-4368
- Date Public: 18 Aug 2010
- Date First Published: 30 Nov 2010
- Date Last Updated: 03 Jan 2011
- Severity Metric: 5.40
- Document Revision: 16
If you have feedback, comments, or additional information about this vulnerability, please send us email.