[Snort-sigs] Awstats Remote Code Execution
frank at ...1978...
Tue Jan 25 11:09:02 EST 2005
On Tue, 2005-01-25 at 12:54 -0600, Nigel Houghton wrote:
> Slightly off-topic here, but if any of you folks use awstats, this
> vulnerability does not affect the static output functionality of awstats,
> nor can you access the web interface with the appropriate restrictions
> set in your awstats.conf.
That may be, but I think it's still of value since it can detect
attempts to exploit it. I made a change to the rule that basically
adds .*|.*| to the pcre as it appears that the commands HAVE to be
enclosed in pipes.
Thanks for the second reference. It will be added to the first one.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 187 bytes
Desc: This is a digitally signed message part
More information about the Snort-sigs