[Snort-sigs] Awstats Remote Code Execution

Frank Knobbe frank at ...1978...
Tue Jan 25 11:09:02 EST 2005


On Tue, 2005-01-25 at 12:54 -0600, Nigel Houghton wrote:
> Slightly off-topic here, but if any of you folks use awstats, this
> vulnerability does not affect the static output functionality of awstats, 
> nor can you access the web interface with the appropriate restrictions 
> set in your awstats.conf.

That may be, but I think it's still of value since it can detect
attempts to exploit it. I made a change to the rule that basically
adds .*|.*| to the pcre as it appears that the commands HAVE to be
enclosed in pipes.

Thanks for the second reference. It will be added to the first one.

Cheers,
Frank
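
An added example, not part of the original message and not the rule from this thread (the rule itself is not shown here): the fragment `.*|.*|` only requires two literal pipes if each `|` is escaped, since a bare `|` in PCRE is alternation. Python's `re` stands in for PCRE, and the request URIs, the parameter name `x` and the token `CMD` are constructed placeholders.

```python
import re
from urllib.parse import unquote

# Fragment exactly as typed in the message: the bare '|' is regex alternation,
# so one branch is empty and the pattern matches any input at all.
UNESCAPED = re.compile(r".*|.*|")
# Same fragment with the pipes escaped, so two literal '|' are required.
ESCAPED = re.compile(r".*\|.*\|")
# Tighter form (assumption): a non-empty, pipe-free token between two pipes.
ENCLOSED = re.compile(r"\|[^|]+\|")

# Constructed request URIs. "x" and "CMD" are placeholders, not taken from
# the thread or from any real rule.
SAMPLES = {
    "benign": "/cgi-bin/awstats.pl?config=example.org",
    "one_pipe": "/cgi-bin/awstats.pl?x=a|b",
    "enclosed": "/cgi-bin/awstats.pl?x=|CMD|",
    "encoded": "/cgi-bin/awstats.pl?x=%7CCMD%7c",
    "empty_pair": "/cgi-bin/awstats.pl?x=||",
}


def classify(uri):
    """Return which of the three patterns fire on the percent-decoded URI.

    unquote() stands in for the sensor's URI normalization (assumption), so
    that %7C and %7c are seen as literal pipes before matching.
    """
    decoded = unquote(uri)
    return {
        "unescaped": UNESCAPED.search(decoded) is not None,
        "escaped": ESCAPED.search(decoded) is not None,
        "enclosed": ENCLOSED.search(decoded) is not None,
    }


def report():
    """Classify every constructed sample."""
    return {name: classify(uri) for name, uri in SAMPLES.items()}


if __name__ == "__main__":
    for name, hits in report().items():
        print(f"{name:10} {hits}")
```

The unescaped pattern fires on every sample, including the benign one, which is the false-positive behaviour to check for when a rule's pcre is copied out of a mail archive that may have dropped backslashes.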
