AWStats: 'Configdir' Exploit

Miscellaneous Ramblings....

Sunday, April 17. 2005

AWStats: 'Configdir' Exploit

Users of the Webstats package AWStats will definitely want to upgrade to the latest version (6.4), (or at least to version 6.3) in order to plug the AWStats ‘configdir’ Remote Command Execution exploit, which was detailed by the iDefense site. In short, the vulnerability allows the hackers to to execute arbitrary commands under the privileges of the Web server's username.

Posted by Colleen Velo in Computers Comments: (0) Trackbacks: (0)

Comments

Display comments as (Linear | Threaded)

No comments

Add Comment

Name
Email
Homepage
In reply to
Comment	Enclosing asterisks marks text as bold (word), underscore are made via _word_. Standard emoticons like :-) and ;-) are converted to images. To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly. Enter the string from the spam-prevention image above:
	Remember Information? Subscribe to this entry
Submitted comments will be subject to moderation before being displayed.

	February '10
Su	Mo	Tu	We	Th	Fr	Sa
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28