| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.0 | $0-$5k | 0.00 |
Summary
A vulnerability labeled as critical has been found in AWStats 6.3. This issue affects the function Open of the file aswtats.pl. Such manipulation of the argument configdir leads to input validation.
This vulnerability is uniquely identified as CVE-2005-0116. Moreover, an exploit is present.
The affected component should be upgraded.
Details
A vulnerability, which was classified as critical, has been found in AWStats 6.3 (Log Management Software). Affected by this issue is the function open of the file aswtats.pl. The manipulation of the argument configdir with an unknown input leads to a input validation vulnerability. Using CWE to declare the problem leads to CWE-20. The product receives input or data, but it does
not validate or incorrectly validates that the input has the
properties that are required to process the data safely and
correctly. Impacted is confidentiality, integrity, and availability. CVE summarizes:
AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl.
The bug was discovered 01/17/2005. The weakness was disclosed 01/01/2005 by iDefense as confirmed advisory (CERT.org). The advisory is shared for download at kb.cert.org. This vulnerability is handled as CVE-2005-0116 since 01/18/2005. The exploitation is known to be easy. The attack may be launched remotely. No form of authentication is required for exploitation. Technical details as well as a public exploit are known.
After 4 weeks, there has been an exploit disclosed. The exploit is available at saintcorporation.com. It is declared as highly functional. The vulnerability scanner Nessus provides a plugin with the ID 16427 (GLSA-200501-36 : AWStats: Remote code execution), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Gentoo Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 12151 (AWStats Remote Command Execution Vulnerability).
Upgrading to version 6.1 eliminates this vulnerability. A possible mitigation has been published 4 weeks after the disclosure of the vulnerability. Attack attempts may be identified with Snort ID 3813. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 3273.
The vulnerability is also documented in the databases at X-Force (18912), Exploit-DB (772), Tenable (16427), SecurityFocus (BID 12298†) and OSVDB (13002†). The entries VDB-6852, VDB-8184 and VDB-43734 are pretty similar. Once again VulDB remains the best source for vulnerability data.
Product
Type
Name
Version
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.3VulDB Meta Temp Score: 7.0
VulDB Base Score: 7.3
VulDB Temp Score: 7.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Input validationCWE: CWE-20
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Highly functional
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 16427
Nessus Name: GLSA-200501-36 : AWStats: Remote code execution
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Nessus Port: 🔍
OpenVAS ID: 53512
OpenVAS Name: Debian Security Advisory DSA 682-1 (awstats)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Saint ID: exploit_info/awstats_configdir
Saint Name: AWStats configdir parameter command execution
Qualys ID: 🔍
Qualys Name: 🔍
MetaSploit ID: awstats_configdir_exec.rb
MetaSploit Name: AWStats configdir Remote Command Execution
MetaSploit File: 🔍
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Exploit Delay Time: 🔍
Upgrade: AWStats 6.1
Snort ID: 3813
TippingPoint: 🔍
SourceFire IPS: 🔍
ISS Proventia IPS: 🔍
PaloAlto IPS: 🔍
Fortigate IPS: 🔍
Timeline
01/01/2005 🔍01/15/2005 🔍
01/15/2005 🔍
01/17/2005 🔍
01/17/2005 🔍
01/18/2005 🔍
01/18/2005 🔍
01/18/2005 🔍
01/25/2005 🔍
01/26/2005 🔍
02/14/2005 🔍
03/03/2005 🔍
03/10/2015 🔍
10/27/2024 🔍
Sources
Advisory: kb.cert.orgResearcher: iDefense
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2005-0116 (🔍)
GCVE (CVE): GCVE-0-2005-0116
GCVE (VulDB): GCVE-100-23852
CERT: 🔍
X-Force: 18912
SecurityFocus: 12298 - AWStats Remote Command Execution Vulnerability
Secunia: 13893 - AWStats "configdir" Parameter Arbitrary Command Execution, Highly Critical
OSVDB: 13002 - AWStats awstats.pl configdir Parameter Arbitrary Command Execution
Vulnerability Center: 7214 - AWStats < 6.3 Allows Commands Execution, High
scip Labs: https://www.scip.ch/en/?labs.20161013
See also: 🔍
Entry
Created: 03/10/2015 15:27Updated: 10/27/2024 09:02
Changes: 03/10/2015 15:27 (106), 06/04/2019 17:18 (2), 07/17/2024 13:04 (17), 10/27/2024 09:02 (2)
Complete: 🔍
Cache ID: 216:820:103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.