Summary
The host is running AWStats, which is prone to a cross-site scripting (XSS) vulnerability.
Impact
A successful attack could lead to execution of arbitrary HTML and script code in the context of an affected site.
Impact Level: Application
NOTE: This issue exists because of an incomplete fix for CVE-2008-3714.
Solution
Update to a later version or apply the patch from:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432#21
*****
NOTE: Ignore this warning if the above-mentioned patch has already been applied.
*****
Insight
The flaw is due to the query_string parameter in awstats.pl, which is not properly sanitized before being returned to the user.
Affected
AWStats 6.8 and earlier.
Severity
Classification
- CVE: CVE-2008-5080
- CVSS Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Related Vulnerabilities
- Alt-N WebAdmin Remote Source Code Information Disclosure Vulnerability
- Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
- Apache Struts2/XWork Remote Command Execution Vulnerability
- AN Guestbook Local File Inclusion Vulnerability
- APC PowerChute Network Shutdown HTTP Response Splitting Vulnerability