ID SECURITYVULNS:DOC:9595 Type securityvulns Reporter Securityvulns Modified 2005-08-28T00:00:00
Description
Good morning all.
"AWStats is a free powerful and featureful tool that generates advanced web, streaming, ftp
or mail server statistics, graphically. This log analyzer works as a CGI or from command
line and shows you all possible information your log contains, in few graphical web pages."
Once you have setup this tool, you can get statistics of a website with this URL :
You replace xxx by the name you gave to the configuration file of your website (You have
one file per website)
But if xxx is not an existing name, the path will be disclosed to the user in the resulting
error message.
I have seen this vulnerability with 6.4 version of AWstats and i think all version < 6.4
are also vulnerable.
AWstats is a great tool anyway.
Sorry for my english it is not my primary language.
Have a nice day. Unix will win.
Best regards.
FOURNAUX Nicolas
www.cambodiaoutsourcing.com
www.khmerdev.com
{"id": "SECURITYVULNS:DOC:9595", "bulletinFamily": "software", "title": "AWstats Path Disclosure Vulnerability", "description": "Good morning all.\r\n\r\n"AWStats is a free powerful and featureful tool that generates advanced web, streaming, ftp\r\nor mail server statistics, graphically. This log analyzer works as a CGI or from command\r\nline and shows you all possible information your log contains, in few graphical web pages."\r\n\r\nOnce you have setup this tool, you can get statistics of a website with this URL :\r\n\r\nhttp://www.server.com/awstats/awstats.pl?config=xxx\r\n\r\nYou replace xxx by the name you gave to the configuration file of your website (You have\r\none file per website)\r\n\r\nBut if xxx is not an existing name, the path will be disclosed to the user in the resulting\r\nerror message.\r\n\r\nI have seen this vulnerability with 6.4 version of AWstats and i think all version < 6.4\r\nare also vulnerable.\r\n\r\nAWstats is a great tool anyway.\r\n\r\nSorry for my english it is not my primary language.\r\n\r\nHave a nice day. Unix will win.\r\n\r\nBest regards.\r\n\r\nFOURNAUX Nicolas\r\n\r\nwww.cambodiaoutsourcing.com\r\nwww.khmerdev.com", "published": "2005-08-28T00:00:00", "modified": "2005-08-28T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:9595", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:13", "edition": 1, "viewCount": 5, "enchantments": {"score": {"value": -0.0, "vector": "NONE", "modified": "2018-08-31T11:10:13", "rev": 2}, "dependencies": {"references": [{"type": "mskb", "idList": ["KB2526297", "KB2501721", "KB317244", "KB980408", "KB981401", "KB2785908", "KB953331", "KB2510690", "KB3191913", "KB2874216"]}], "modified": "2018-08-31T11:10:13", "rev": 2}, "vulnersScore": -0.0}, "affectedSoftware": []}
{"rst": [{"lastseen": "2021-01-22T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **61[.]115.1.182** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **20**.\n First seen: 2020-12-22T03:00:00, Last seen: 2021-01-22T03:00:00.\n IOC tags: **generic**.\nASN 9595: (First IP 61.115.0.0, Last IP 61.115.32.255).\nASN Name \"XEPHION\" and Organisation \"NTTME Corporation\".\nASN hosts 1822 domains.\nGEO IP information: City \"\", Country \"Japan\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-22T00:00:00", "id": "RST:223A4D85-1D4B-34E6-AD41-2D5B16C1A82B", "href": "", "published": "2021-01-23T00:00:00", "title": "RST Threat feed. IOC: 61.115.1.182", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-22T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **181[.]211.250.122** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **1**.\n First seen: 2019-09-29T03:00:00, Last seen: 2021-01-22T03:00:00.\n IOC tags: **generic**.\nASN 27948: (First IP 181.211.248.0, Last IP 181.211.251.255).\nASN Name \"CORPORACION\" and Organisation \"NACIONAL DE TELECOMUNICACIONES CNT EP\".\nASN hosts 0 domains.\nGEO IP information: City \"Santa Cruz\", Country \"Ecuador\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2019-09-29T00:00:00", "id": "RST:7D826B44-FB25-3E15-9595-BA431C6795F9", "href": "", "published": "2021-01-23T00:00:00", "title": "RST Threat feed. IOC: 181.211.250.122", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-22T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **115[.]65.111.148** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **4**.\n First seen: 2020-01-22T03:00:00, Last seen: 2021-01-22T03:00:00.\n IOC tags: **c2, generic**.\nWe found that the IOC is used by: **emotet**.\nASN 9595: (First IP 115.65.0.0, Last IP 115.65.159.255).\nASN Name \"XEPHION\" and Organisation \"NTTME Corporation\".\nASN hosts 1822 domains.\nGEO IP information: City \"Kanagawa\", Country \"Japan\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-01-22T00:00:00", "id": "RST:53168D85-61C9-3354-8B99-349745A5555F", "href": "", "published": "2021-01-23T00:00:00", "title": "RST Threat feed. IOC: 115.65.111.148", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-22T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **115[.]65.204.222** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **19**.\n First seen: 2020-12-20T03:00:00, Last seen: 2021-01-22T03:00:00.\n IOC tags: **generic**.\nASN 9595: (First IP 115.65.160.0, Last IP 115.65.255.255).\nASN Name \"XEPHION\" and Organisation \"NTTME Corporation\".\nASN hosts 1822 domains.\nGEO IP information: City \"Shinagawa\", Country \"Japan\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-20T00:00:00", "id": "RST:50496629-3F6A-310E-B230-57BE995E9063", "href": "", "published": "2021-01-23T00:00:00", "title": "RST Threat feed. IOC: 115.65.204.222", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-22T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **milkychoco[.]work** in [RST Threat Feed](https://rstcloud.net/profeed) with score **15**.\n First seen: 2020-11-04T03:00:00, Last seen: 2021-01-22T03:00:00.\n IOC tags: **spam**.\nDomain has DNS A records: 172[.]67.204.220,104.21.77.62\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-11-04T00:00:00", "id": "RST:901BFE41-2778-3BCF-9595-DABC90C87DC0", "href": "", "published": "2021-01-23T00:00:00", "title": "RST Threat feed. IOC: milkychoco.work", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-22T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **ns1[.]hatwabians.cyou** in [RST Threat Feed](https://rstcloud.net/profeed) with score **35**.\n First seen: 2020-12-27T03:00:00, Last seen: 2021-01-22T03:00:00.\n IOC tags: **malware**.\nDomain has DNS A records: 45[.]14.226.115\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-27T00:00:00", "id": "RST:9C44CEC0-9D97-38F0-9595-C02B598DDBFD", "href": "", "published": "2021-01-23T00:00:00", "title": "RST Threat feed. IOC: ns1.hatwabians.cyou", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-22T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **praisetrax[.]com** in [RST Threat Feed](https://rstcloud.net/profeed) with score **2**.\n First seen: 2019-12-15T03:00:00, Last seen: 2021-01-22T03:00:00.\n IOC tags: **spam**.\nDomain has DNS A records: 192[.]185.189.130\nWhois:\n Created: 2020-05-09 04:28:04, \n Registrar: NameCheap Inc, \n Registrant: unknown.\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2019-12-15T00:00:00", "id": "RST:2577BD7A-9B77-388A-9595-E1522EB2667F", "href": "", "published": "2021-01-23T00:00:00", "title": "RST Threat feed. IOC: praisetrax.com", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-22T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **ca-revenuquebec[.]remb.gouv.qc.ca.presento.com.co** in [RST Threat Feed](https://rstcloud.net/profeed) with score **22**.\n First seen: 2020-12-22T03:00:00, Last seen: 2021-01-22T03:00:00.\n IOC tags: **generic**.\nDomain has DNS A records: 207[.]246.119.121 and CNAME records: presento.com.co.\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-22T00:00:00", "id": "RST:E9567E4E-E77D-3819-9595-35E90A062AB7", "href": "", "published": "2021-01-23T00:00:00", "title": "RST Threat feed. IOC: ca-revenuquebec.remb.gouv.qc.ca.presento.com.co", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-22T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **198[.]23.247.185** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **4**.\n First seen: 2020-07-01T03:00:00, Last seen: 2021-01-22T03:00:00.\n IOC tags: **generic**.\nASN 36352: (First IP 198.23.246.0, Last IP 198.23.255.255).\nASN Name \"ASCOLOCROSSING\" and Organisation \"ColoCrossing\".\nASN hosts 231013 domains.\nGEO IP information: City \"Chicago\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-07-01T00:00:00", "id": "RST:72B2BB0F-A41C-3512-9595-57FF4681481C", "href": "", "published": "2021-01-23T00:00:00", "title": "RST Threat feed. IOC: 198.23.247.185", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-22T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **191[.]102.83.31** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **8**.\n First seen: 2020-10-03T03:00:00, Last seen: 2021-01-22T03:00:00.\n IOC tags: **generic**.\nASN 262186: (First IP 191.102.83.0, Last IP 191.102.84.255).\nASN Name \"TV\" and Organisation \"AZTECA SUCURSAL COLOMBIA\".\nASN hosts 270 domains.\nGEO IP information: City \"Risaralda\", Country \"Colombia\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-10-03T00:00:00", "id": "RST:F3881243-D445-313F-9595-BDC040DC5616", "href": "", "published": "2021-01-23T00:00:00", "title": "RST Threat feed. IOC: 191.102.83.31", "type": "rst", "cvss": {}}]}
