Signature Detail

HTTP: AwStat: Malicious Activity

This signature detects attempts to exploit a known vulnerability in the Awstat module, a Perl module used to provide server usage statistics. Awstat 6.1 and some versions earlier than 6.3 are vulnerable. Attackers can use malicious command injections to execute arbitrary code with Web server privileges.

Extended Description

AWStats is reported prone to a remote arbitrary-command-execution vulnerability because the software fails to sufficiently sanitize user-supplied data. An attacker can prefix arbitrary commands with the '|' character and have them execute in the context of the server through a URI parameter. This issue was originally specified in BID 12270 (AWStats Multiple Unspecified Remote Input Validation Vulnerabilities). Due to the availability of further details, it is being assigned a new BID.

Affected Products

• AWStats 5.0.0
• AWStats 5.1.0
• AWStats 5.2.0
• AWStats 5.3.0
• AWStats 5.4.0
• AWStats 5.5.0
• AWStats 5.6.0
• AWStats 5.7.0
• AWStats 5.8.0
• AWStats 5.9.0
• AWStats 6.0.0
• AWStats 6.1.0
• AWStats 6.2.0
• Gentoo Linux
• SuSE Linux 8.0.0
• SuSE Linux 8.0.0 i386
• SuSE Linux 8.1.0
• SuSE Linux Personal 8.2.0
• SuSE Linux Personal 9.0.0
• SuSE Linux Personal 9.0.0 X86 64
• SuSE Linux Personal 9.1.0
• SuSE Linux Personal 9.2.0

References

• BugTraq: 12298
• CVE: CVE-2005-0116
• URL: http://awstats.sourceforge.net/docs/awstats_changelog.txt
• URL: http://www.kb.cert.org/vuls/id/272296/