Check Point Advisories

Update Protection against AWStats "migrate" Shell Command Injection

Check Point Reference: CPAI-2006-053
Date Published: 30 May 2006
Severity: Medium
Last Updated: Monday 07 May, 2007
Source: SANS
Industry Reference: CVE-2006-2236

Protection Provided by:
Who is Vulnerable? AWStats version 6.5 and prior versions
Vulnerability Description: AWStats is an open source web analytics reporting tool, suitable for analyzing data from internet services. A vulnerability has been identified in AWStats due to improper validation of user input. The vulnerability may be exploited by attackers to execute arbitrary commands.

July 5, 2006
On July 5, 2006, this protection was updated to include a Worm Catcher pattern against this vulnerability. Check the Solution tab for more information.
Update/Patch Available: Upgrade to AWStats version 6.6:
http://awstats.sourceforge.net/
Vulnerability Details: The flaw is the result of an input validation error in the "awstats.pl" script that fails to properly validate the "migrate" variable when the "AllowToUpdateStatsFromBrowser" option is enabled. This can be exploited by remote attackers to execute arbitrary shell commands with the privileges of the Web server.
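A defender-side check for the two conditions named above, as an added example (not Check Point's or the AWStats project's code): it reports whether a config enables `AllowToUpdateStatsFromBrowser` and lists clients whose logged requests to `awstats.pl` carried a `migrate` parameter. The function names, sample config and sample log lines are constructed for illustration; treating an absent directive as disabled, last-directive-wins parsing and the combined access-log format are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

OPTION = "AllowToUpdateStatsFromBrowser"  # option named in the advisory
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def option_enabled(conf_text):
    """True if the last OPTION directive in an AWStats config is set to 1."""
    value = "0"  # assumption: an absent directive means disabled
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()  # ignore comments
        m = re.match(rf'{OPTION}\s*=\s*"?(\d+)"?$', line, re.I)
        if m:
            value = m.group(1)  # assumption: the last directive wins
    return value == "1"

def migrate_requests(log_lines):
    """Client addresses whose requests to awstats.pl carried a migrate parameter.

    Only the query string is inspected; POST bodies are not in access logs.
    """
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.lower().endswith("/awstats.pl"):
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        if any(name.lower() == "migrate" for name in params):
            hits.append(line.split()[0])
    return hits

# Constructed sample data (documentation address ranges, placeholder values).
SAMPLE_CONF = """
LogFile="/var/log/apache2/access.log"
#AllowToUpdateStatsFromBrowser=0
AllowToUpdateStatsFromBrowser=1   # enabled for convenience
"""
SAMPLE_LOG = [
    '192.0.2.10 - - [30/May/2006:10:00:00 +0000] "GET /cgi-bin/awstats.pl?config=example HTTP/1.1" 200 5120',
    '198.51.100.7 - - [30/May/2006:10:00:05 +0000] "GET /cgi-bin/awstats.pl?config=example&migrate=CONSTRUCTED_VALUE HTTP/1.1" 200 312',
    '203.0.113.4 - - [30/May/2006:10:00:09 +0000] "GET /index.html?migrate=1 HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    print("update-from-browser enabled:", option_enabled(SAMPLE_CONF))
    print("clients sending migrate:", migrate_requests(SAMPLE_LOG))
```

A host that shows both results, the option enabled and `migrate` arriving over HTTP, is the one to prioritize for the upgrade to 6.6 and for review of web server process activity.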

Protection Overview
