
CERT Coordination Center

AWStats fails to properly handle "\\" when specifying a configuration file directory

Vulnerability Note VU#870532

Original Release Date: 2010-11-30 | Last Revised: 2011-01-03

Overview

AWStats fails to properly handle "\\" when specifying a configuration file directory. This could allow an attacker to specify an arbitrary configuration file located on an SMB share.

Description

From the AWStats project website: "AWStats is a free powerful and featureful tool that generates advanced web, streaming, ftp or mail server statistics, graphically". AWStats is vulnerable to remote command execution when installed on Apache Tomcat on Microsoft Windows operating systems. The AWStats application fails to properly handle "\\" when specifying a configuration file directory.

Impact

An attacker can instruct the web server to load a malicious configuration file located on a malicious SMB file share. The malicious configuration file can contain arbitrary commands to be run on the vulnerable remote server as the web service account.
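The mitigation and detection side of the issue described above, as an added example that is not part of this note or of the AWStats project: a strict allowlist validator for a user-supplied configuration directory (rejecting any backslash, UNC or drive-letter prefix, and `..` traversal), plus a scan over web-server access-log lines that flags requests whose config-directory parameter fails that validation. It assumes the directory arrives as a CGI query parameter named `configdir` (AWStats's parameter name as far as the author of this example knows; the note itself does not name it), and the log lines are constructed for the example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Allowlist: one or more path components made of [A-Za-z0-9_.-], separated by "/".
# Any backslash, drive letter ("C:"), UNC prefix ("\\host" or "//host"), or other
# character outside the set fails the match outright.
SAFE_CONFIG_DIR = re.compile(r"^[A-Za-z0-9_.-]+(?:/[A-Za-z0-9_.-]+)*$")


def config_dir_is_safe(value: str) -> bool:
    """Return True only for a plain relative directory path with no traversal.

    This is stricter than AWStats needs to be, but a config directory is an
    administrator-controlled location, so a tight allowlist costs nothing.
    """
    if not value or not SAFE_CONFIG_DIR.match(value):
        return False
    # The character class permits dots, so "." and ".." components must be
    # rejected separately.
    return all(part not in (".", "..") for part in value.split("/"))


# Combined-log-format line: ip ident user [timestamp] "METHOD target PROTO" status size
LOG_LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+'
)

# Hypothetical parameter name carrying the configuration directory (assumption).
CONFIG_DIR_PARAM = "configdir"


def suspicious_config_dir_requests(log_lines):
    """Return (client_ip, decoded configdir) for every request that fails validation.

    parse_qs percent-decodes once; unquote is applied a second time so a
    double-encoded value ("%255C") is judged on what the application would see.
    """
    hits = []
    for line in log_lines:
        m = LOG_LINE_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        params = parse_qs(urlsplit(m.group("target")).query, keep_blank_values=True)
        for raw in params.get(CONFIG_DIR_PARAM, []):
            decoded = unquote(raw)
            if not config_dir_is_safe(decoded):
                hits.append((m.group("ip"), decoded))
    return hits


# Constructed sample access-log lines (not real traffic); hostnames use .invalid.
SAMPLE_LOG = [
    '10.0.0.5 - - [18/Aug/2010:10:00:01 +0000] '
    '"GET /cgi-bin/awstats.pl?config=www.example.com HTTP/1.1" 200 5123',
    '10.0.0.5 - - [18/Aug/2010:10:00:02 +0000] '
    '"GET /cgi-bin/awstats.pl?config=www.example.com&configdir=sites/www HTTP/1.1" 200 5123',
    '198.51.100.7 - - [18/Aug/2010:10:00:03 +0000] '
    '"GET /cgi-bin/awstats.pl?config=x&configdir=%5C%5Cfileserver.invalid%5Cshare HTTP/1.1" 200 300',
    '198.51.100.7 - - [18/Aug/2010:10:00:04 +0000] '
    '"GET /cgi-bin/awstats.pl?config=x&configdir=..%2F..%2Fwindows HTTP/1.1" 404 300',
]

if __name__ == "__main__":
    for ip, value in suspicious_config_dir_requests(SAMPLE_LOG):
        print(f"{ip} requested config directory {value!r}: rejected by allowlist")
```

Running the block reports the two requests from 198.51.100.7 (a UNC-style value and a `..` traversal) and stays silent on the two legitimate ones. The validator is written as an allowlist rather than a denylist of `\\` because the note's root cause is a single mishandled character; enumerating bad characters is exactly the approach that missed it.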

Solution

According to the vendor's changelog, this vulnerability has been addressed in AWStats 7.0.

Vendor Information


AWStats

Updated:  November 30, 2010

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

http://awstats.sourceforge.net/docs/awstats_changelog.txt
CVSS Metrics

Group          Score   Vector
Base           N/A     N/A
Temporal       N/A     N/A
Environmental  N/A

References

Acknowledgements

Thanks to StenoPlasma at ExploitDevelopment for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

CVE IDs: CVE-2010-4367, CVE-2010-4368
Severity Metric: 5.40
Date Public: 2010-08-18
Date First Published: 2010-11-30
Date Last Updated: 2011-01-03 14:04 UTC
Document Revision: 16

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.