

Successful exploitation allows remote attackers to execute arbitrary commands under the privileges of the web server. How can I ensure that everything is blocked as it should be and that nothing "bad" is happening? The guy who set up our FortiGates is no longer here so not really up to speed on this. awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a (1) WebDAV server or (2) NFS server. The 'configdir' parameter contains unfiltered user-supplied data that is utilized in a call to the Perl routine open(). They say the severity is low and I'm assuming that since it is being reported that it is being successfully blocked throughout, but it concerns me. When you create an IPS block for this signature, you can ban the originating IP for xx minutes to discourage subsequent attacks. Furthermore, a user could read log file content even when plugin rawlog was not enabled.
#AWStats configdir remote command execution code
It could be some botnet that is probing sites for this particular vulnerability. The remote host is affected by the vulnerability described in GLSA-200501-36 (AWStats: Remote code execution). When is run as a CGI script, it fails to validate specific inputs which are used in a Perl open() function call. : Changes to be compatible with new AWStats.

excellent AWStats configdir Remote Command Execution.

In the last couple weeks I am seeing a ton of messages like below. You can tell this by looking at the 'status' line. As AWStats works from the command line but also as a CGI. SQL Injection and Remote Code Execution linux/http/astiumsqliupload.
