Summary
The remote host is running AWStats, a free real-time logfile analyzer.
The remote version of this software is prone to an input validation vulnerability.
The issue is reported to exist because user-supplied 'configdir' URI data passed to the 'awstats.pl' script is not sanitized.
An attacker may exploit this condition to execute commands remotely or to disclose the contents of files readable by the web server.
Solution
Upgrade to at least version 6.3 of this software.
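To check whether a host has already received requests that abuse the unsanitized 'configdir' parameter described in the summary, the access log can be reviewed with an allowlist check. The following is an added example, not part of the original advisory or of AWStats; the combined log format, the allowlist of path characters and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate configdir is a plain directory path.
SAFE_DIR = re.compile(r"[A-Za-z0-9_./-]*")
# Assumption: combined log format; only the quoted request line is parsed.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation addresses, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2005:10:00:00 +0000] "GET /cgi-bin/awstats.pl?config=example.org HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2005:10:00:05 +0000] "GET /cgi-bin/awstats.pl?config=example.org&configdir=/etc/awstats HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2005:10:01:00 +0000] "GET /cgi-bin/awstats.pl?configdir=..%2F..%2Ftmp HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Jan/2005:10:01:02 +0000] "GET /cgi-bin/awstats.pl?configdir=/etc/awstats%20%24PLACEHOLDER HTTP/1.1" 200 312',
    '203.0.113.5 - - [01/Jan/2005:10:02:00 +0000] "GET /index.php?configdir=..%2F HTTP/1.1" 404 210',
]

def suspicious_configdir(log_line):
    """Return the decoded configdir value if the line is an awstats.pl
    request whose configdir fails the allowlist, otherwise None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("awstats.pl"):
        return None
    # parse_qs percent-decodes each value, so encoded characters are checked too.
    params = parse_qs(url.query, keep_blank_values=True)
    for value in params.get("configdir", []):
        # fullmatch rejects anything outside the allowlist, including a
        # trailing newline or NUL byte; ".." segments are rejected separately.
        if not SAFE_DIR.fullmatch(value) or ".." in value.split("/"):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = suspicious_configdir(line)
        if value is not None:
            hits.append((number, value))
    return hits

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious configdir {value!r}")
```

A flagged line shows that a non-path value was sent, not that the request succeeded; the response status and the installed AWStats version decide whether follow-up is needed.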
Severity
Classification
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P