Secunia

Community Login

Customer Login

Partner Login

Overview

Advisories

Research

Forums

Create Profile

Our Commitment

Database

Advisories by Product

Advisories by Vendor

Terminology

Report Vulnerability

Insecure Library Loading

Secunia Advisory SA19725

AWStats Multiple Vulnerabilities

Secunia Advisory

SA19725

Get alerted and manage the vulnerability life cycle

Release Date

2006-04-19

Last Update

2010-12-17

Popularity

27,709 views

Comments

0 comments

Criticality level

Less critical

Impact

Cross Site Scripting
Spoofing
Exposure of system information

Where

From remote

Authentication level

Available in Customer Area

Report reliability

Available in Customer Area

Solution Status

Vendor Patch

Systems affected

Available in Customer Area

Approve distribution

Available in Customer Area

Software:

AWStats 6.x

Secunia CVSS Score

Available in Customer Area

CVE Reference(s)

CVE-2006-1945 CVSS available in Customer Area
CVE-2006-3681 CVSS available in Customer Area
CVE-2006-3682 CVSS available in Customer Area
CVE-2009-5020 CVSS available in Customer Area

Description

A weakness and some vulnerabilities have been reported in AWStats, which can be exploited by malicious people to disclose system information and conduct cross-site scripting and spoofing attacks.

1) Some input isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Examples:
http://[host]/awstats.pl?config=[code]
http://[host]/awstats.pl?refererpagesfilter=[code]&refererpagesfilterex=&output=refererpages&config=[config]&year=2006&month=all
http://[host]/awstats.pl?refererpagesfilter=&refererpagesfilterex=[code]&output=refererpages&config=[config]&year=2006&month=all
http://[host]/awstats.pl?urlfilter=&urlfilterex=[code]&output=urlentry&config=[config]&year=2006&month=all
http://[host]//awstats.pl?urlfilter=[code]&urlfilterex=&output=urlentry&config=[config]&year=2006&month=all
http://[host]/awstats.pl?hostfilter=[code]&hostfilterex=&output=allhosts&config=[config]&year=2006&month=all
http://[host]/awstats.pl?hostfilter=&hostfilterex=[code]&output=allhosts&config=[config]&year=2006&month=all

The "diricons" parameter is reportedly also affected.

2) The problem is that it is possible to disclose the full path to the installation by supplying an invalid "config" parameter to "awstats.pl".

3) Certain input passed to awstats.pl is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.

Vulnerabilities #1 and #2 are confirmed in version 6.5 and vulnerability #3 is reported in versions prior to 6.95.

Solution
Update to version 6.95.

Provided and/or discovered by
1, 2) r0t
3) Reported by the vendor.

Additional information for vulnerability #1 provided by OS Reviews.

Changelog
Further details available in Customer Area

Original Advisory
AWStats:
http://awstats.sourceforge.net/docs/awstats_changelog.txt

r0t:
http://pridels.blogspot.com/2006/04/awstats-65-vuln.html
http://pridels.blogspot.com/2006/04/awstats-65x-multiple-vuln.html

OS Reviews:
http://www.osreviews.net/reviews/comm/awstats

Deep Links
Links available in Customer Area

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: AWStats Multiple Vulnerabilities

No posts yet

Secunia

Secunia Advisory SA19725

AWStats Multiple Vulnerabilities

Do you have additional information related to this advisory?

You must be logged in to post a comment.

Secunia Customer Login

Not a customer already?