7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.973 High
EPSS
Percentile
99.8%
Added: 02/14/2006
CVE: CVE-2005-0116
BID: 12298
OSVDB: 13002
AWStats is a web application for showing web, FTP, and mail server statistics.
Insufficient validation of the **configdir**
parameter before being used in a PERL open call leads to remote command execution.
Upgrade to AWStats 6.3 or higher.
[http://www.idefense.com/intelligence/vulnerabilities/display.php?id=185&type=vulnerabilities ](<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=185&type=vulnerabilities
>)
Exploit works on AWStats 6.2 on Linux.