Script_set_attribute(attribute:"patch_publication_date", value:"6") Script_set_attribute(attribute:"vuln_publication_date", value:"0") Script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd") Script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:awstats") Script_set_attribute(attribute:"plugin_type", value:"local") Script_set_attribute(attribute:"exploit_available", value:"true") Script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required") Script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:ND") Script_set_attribute(attribute:"solution", value:"Update the affected package.") Parameters including loadplugin, logfile, pluginmode, update, andĪdditionally, the debug and other CGI parameters may be used to causeĪWStats to disclose AWStats and system configuration information." Unauthenticated attacker to execute arbitrary commands with the "Several input validation errors exist in AWStats that allow a remote
Value:"The remote FreeBSD host is missing a security-related update." Script_summary(english:"Checks for updated package in pkg_info output") Script_name(english:"FreeBSD : awstats - arbitrary command execution (fdad8a87-7f94-11d9-a9e7-0001020eed82)") # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE, DATA, OR PROFITS OR # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # in the documentation and/or other materials provided with the # notice, this list of conditions and the following disclaimer # RTF and other formats) must reproduce the above copyright # published online in any format, converted to PDF, PostScript, Redistributions in compiled form (transformed to other DTDs, # disclaimer as the first lines of this file unmodified. # copyright notice, this list of conditions and the following
Awstats 6.4 code#
Redistributions of source code (VuXML) must retain the above # are permitted provided that the following conditions are met: # HTML, PDF, PostScript, RTF and so forth) with or without modification, # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # Copyright 2003-2018 Jacques Vidrine and contributors # extracted from the FreeBSD VuXML database : # The descriptive text and package checks in this plugin were or an Affiliate thereof.įreeBSD : awstats - arbitrary command execution (fdad8a87-7f94-11d9-a9e7-0001020eed82) This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. Additionally, the debug and other CGI parameters may be used to cause AWStats to disclose AWStats and system configuration information. These programming errors involve CGI parameters including loadplugin, logfile, pluginmode, update, and possibly others. Several input validation errors exist in AWStats that allow a remote unauthenticated attacker to execute arbitrary commands with the priviliges of the web server.
0 kommentar(er)
