Awstats statistics permissions assigned improperly leads to explosive path-vulnerability warning-the black bar safety net

2011-01-12T00:00:00
ID MYHACK58:62201128831
Type myhack58
Reporter 佚名
Modified 2011-01-12T00:00:00

Description

Vulnerability details Brief description:

Awstats statistics permissions assigned improperly leads to explosive path Detailed description:

Awstats is a Perl-based WEB Log analysis and Statistics tool. Due to the simplicity of powerful features and by many administrators of all ages, its default configuration does not exceed 3, and 4 can start running, while the majority of administrators do not pay attention to the permissions settings, when you submit a wrong configuration, the resulting path information exposure threats to Server Security. Vulnerability to prove:

!

Repair solutions:

A reasonable allocation of permissions can be.

!

Vulnerability response Vendor response:

Failure to contact the vendors or manufacturers actively refused it