

Those of you that run web servers have probably noticed in your logs that there is a lot of scanning activity looking for vulnerabilities in PHP or in web applications written in PHP. Even after all these months there are still scans for the old AWStats vulnerability and for the XML-RPC vulnerabilities in PHP itself from a few months back. Well, there are a couple of new ones from the last week or so that I thought deserved a mention.

Several days ago Secunia issued a bulletin discussing a new vulnerability in phpBB-2.0.18 (which is the latest version and which, unfortunately, has been a pretty popular target over the last year or so). Fortunately, the vulnerability can only be exploited if a couple of settings are changed from the default to values that will open your web server to a lot more problems than just this one. Having said that, the exploit is now in the wild, so if you are running phpBB, make sure that you follow the recommendations and that "Allow HTML" and register_globals are both disabled.

On a sort of related note (in so far as it has to do with phpBB-2.0.18, too), one of our intrepid readers also noticed that an exploit has been posted in several places that will do brute-force dictionary attacks to get the passwords of phpBB users. Disabling the settings above will protect against the first issue, but not the second. There are a number of possible solutions to the second problem, including temporary lockouts after several unsuccessful login attempts.

Also, a couple of days ago a worm started making the rounds exploiting a vulnerability in the genealogy application PhpGedView. An attacker may exploit this condition to execute commands remotely or disclose the contents of files, subject to the privileges under which the web server operates. The authors have posted patches (here) which users are encouraged to apply as soon as possible.

Update: Frank Knobbe pointed out to me that there is a Snort signature available from BleedingSnort (here) to detect the PhpGedView exploit.

A remote command execution vulnerability exists in the script used in the AWStats software package. An attacker is able to inject command execution payloads via crafted requests, resulting in the ability to run arbitrary commands on the target host. The attacker sends an HTTP POST request to the script with the 'configdir' parameter containing a command injection payload. The injected command is passed to a Perl function without sanitization and is subsequently executed if escaped via a double-pipe (||). No authentication is required for successful exploitation of this vulnerability. You will need AWStats versions 6.2 and below. AWStats received attention last year when the Lupper worm used an AWStats vulnerability to infect web servers around the net. To see how the developers reacted, OS Reviews took a quick look at the code.

IP addresses with this tag have been observed attempting to exploit CVE-2006-2237, a remote code execution vulnerability in the migrate function in AWStats. An open redirect vulnerability in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing. AWStats did not fully sanitize input, which was passed directly to the user's browser, allowing for an XSS attack. A Full Path Disclosure vulnerability in AWStats through 7.6 allows rem. Categorized as a CAPEC-224, CWE-205, ISO27001-A.14.2.5, WASC-45, OWASP PC-C6, OWASP 2017-A6 vulnerability; companies or developers should remedy the situation when more information is available to avoid further problems. Update the software to the latest non-vulnerable version.

Alert Logic Coverage: Alert Logic® has evaluated its customer base for exposure to the exploit and has developed signatures for mitigating the threat, depending on the security service in place. The Network-Based Intrusion Detection System (IDS) has been updated with new signatures for this exploit when detected via Alert Logic Threat Manager™. If this signature is detected, an incident is generated in the Alert Logic console. An "AWStats Detected" event is similar to a "Web Backdoor Detected" event and carries information-level severity.
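The configdir injection described above shows up in web server access logs whenever the probe arrives via the query string. As an added example (not code from the diary, AWStats, or any vendor signature), the following Python scans Combined Log Format lines for awstats.pl requests whose configdir value carries shell metacharacters such as the pipe. The log lines are constructed for the example; a parameter sent only in a POST body does not appear in the request line, so catching that variant needs request-body logging or a network IDS.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (not from any real server). The first two
# carry a "configdir" value with pipe characters; the third is a normal report request.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Nov/2005:14:02:11 +0000] "GET /cgi-bin/awstats.pl?configdir=|echo%20x| HTTP/1.1" 200 512
198.51.100.9 - - [10/Nov/2005:14:03:40 +0000] "GET /awstats/awstats.pl?configdir=%7Cid%7C HTTP/1.0" 200 301
192.0.2.4 - - [10/Nov/2005:14:05:02 +0000] "GET /cgi-bin/awstats.pl?config=example.com&output=main HTTP/1.1" 200 8192
"""

# Combined Log Format: client, identity, user, timestamp, request line, status, bytes.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')

# Shell metacharacters that never belong in a configuration directory name.
SHELL_META = re.compile(r'[|;`$&<>\n]')


def inspect_line(line):
    """Return a finding dict if the request looks like configdir injection, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, method, target, status = m.groups()
    parts = urlsplit(target)
    if not parts.path.endswith("awstats.pl"):
        return None
    # parse_qs decodes once; decode again because probes often double-encode the pipes.
    qs = parse_qs(parts.query, keep_blank_values=True)
    for value in qs.get("configdir", []):
        value = unquote(value)
        if SHELL_META.search(value):
            return {"client": client, "method": method,
                    "status": int(status), "configdir": value}
    return None


def scan_log(text):
    """Run inspect_line over every line and keep only the findings."""
    return [f for f in (inspect_line(l) for l in text.splitlines()) if f]


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```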
