ID CVE-2006-2237
Summary The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.
References
Vulnerable Configurations
  • cpe:2.3:a:awstats:awstats:6.4
  • cpe:2.3:a:awstats:awstats:6.5
CVSS
Base: 5.1 (as of 09-05-2006 - 08:02)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: HIGH
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
exploit-db via4
  • description AWStats <= 6.5 (migrate) Remote Shell Command Injection Exploit. CVE-2006-2237. Webapps exploit for cgi platform
    id EDB-ID:1755
    last seen 2016-01-31
    modified 2006-05-06
    published 2006-05-06
    reporter redsand
    source https://www.exploit-db.com/download/1755/
    title AWStats <= 6.5 migrate Remote Shell Command Injection Exploit
  • description AWStats 6.4-6.5 AllowToUpdateStatsFromBrowser Command Injection. CVE-2006-2237. Webapps exploit for cgi platform
    id EDB-ID:9909
    last seen 2016-02-01
    modified 2006-05-04
    published 2006-05-04
    reporter patrick
    source https://www.exploit-db.com/download/9909/
    title AWStats 6.4-6.5 - AllowToUpdateStatsFromBrowser Command Injection
  • description AWStats migrate Remote Command Execution. CVE-2006-2237. Webapps exploit for cgi platform
    id EDB-ID:16886
    last seen 2016-02-02
    modified 2010-07-03
    published 2010-07-03
    reporter metasploit
    source https://www.exploit-db.com/download/16886/
    title AWStats 6.4-6.5 migrate Remote Command Execution
metasploit via4
description This module exploits an arbitrary command execution vulnerability in the AWStats CGI script. AWStats v6.4 and v6.5 are vulnerable. Perl based payloads are recommended with this module. The vulnerability is only present when AllowToUpdateStatsFromBrowser is enabled in the AWStats configuration file (non-default).
id MSF:EXPLOIT/UNIX/WEBAPP/AWSTATS_MIGRATE_EXEC
last seen 2019-02-12
modified 2017-11-08
published 2009-01-15
reliability Excellent
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/awstats_migrate_exec.rb
title AWStats migrate Remote Command Execution
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_AWSTATS-1612.NASL
    description This update fixes remote code execution vulnerabilities in awstats. Since backporting awstats fixes is error prone we have upgraded it to upstream version 6.6, which also includes new features. Security issues fixed: - CVE-2006-2237: missing sanitizing of the 'migrate' parameter. #173041 - CVE-2006-2644: missing sanitizing of the 'configdir' parameter. #173041 - Make sure open() only opens files for read/write by adding explicit < and >.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27163
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27163
    title openSUSE 10 Security Update : awstats (awstats-1612)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1058.NASL
    description Hendrik Weimer discovered that specially crafted web requests can cause awstats, a powerful and featureful web server log analyzer, to execute arbitrary commands.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 22600
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22600
    title Debian DSA-1058-1 : awstats - missing input sanitising
  • NASL family CGI abuses
    NASL id AWSTATS_MIGRATE_CMD_EXEC.NASL
    description The remote host is running AWStats, a free logfile analysis tool written in Perl. The version of AWStats installed on the remote host fails to sanitize input to the 'migrate' parameter before passing it to a Perl 'open()' function. Provided 'AllowToUpdateStatsFromBrowser' is enabled in the AWStats site configuration file, an unauthenticated attacker can exploit this issue to execute arbitrary code on the affected host, subject to the privileges of the web server user id.
    last seen 2019-02-21
    modified 2018-06-13
    plugin id 21328
    published 2006-05-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21328
    title AWStats migrate Parameter Arbitrary Command Execution
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200606-06.NASL
    description The remote host is affected by the vulnerability described in GLSA-200606-06 (AWStats: Remote execution of arbitrary code) Hendrik Weimer has found that if updating the statistics via the web frontend is enabled, it is possible to inject arbitrary code via a pipe character in the 'migrate' parameter. Additionally, r0t has discovered that AWStats fails to properly sanitize user-supplied input in awstats.pl. Impact : A remote attacker can execute arbitrary code on the server in the context of the application running the AWStats CGI script if updating of the statistics via web frontend is allowed. Nonetheless, all configurations are affected by a cross-site scripting vulnerability in awstats.pl, allowing a remote attacker to execute arbitrary scripts running in the context of the victim's browser. Workaround : Disable statistics updates using the web frontend to avoid code injection. However, there is no known workaround at this time concerning the cross-site scripting vulnerability.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 21667
    published 2006-06-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21667
    title GLSA-200606-06 : AWStats: Remote execution of arbitrary code
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-285-1.NASL
    description AWStats did not properly sanitize the 'migrate' CGI parameter. If the update of the stats via web front-end is allowed, a remote attacker could execute arbitrary commands on the server with the privileges of the AWStats server. This does not affect AWStats installations which only build static pages. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-15
    plugin id 21588
    published 2006-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21588
    title Ubuntu 5.04 / 5.10 : awstats vulnerability (USN-285-1)
packetstorm via4
data source https://packetstormsecurity.com/files/download/82352/awstats_migrate_exec.rb.txt
id PACKETSTORM:82352
last seen 2016-12-05
published 2009-10-30
reporter patrick
source https://packetstormsecurity.com/files/82352/AWStats-migrate-Remote-Command-Execution.html
title AWStats migrate Remote Command Execution
refmap via4
bid 17844
confirm http://awstats.sourceforge.net/awstats_security_news.php
debian DSA-1058
gentoo GLSA-200606-06
misc
osvdb 25284
secunia
  • 19969
  • 20170
  • 20186
  • 20496
  • 20710
suse SUSE-SA:2006:033
ubuntu USN-285-1
vupen ADV-2006-1678
xf awstats-migrate-command-execution(26287)
saint via4
bid 17844
description AWStats migrate parameter command injection
id web_prog_cgi_awstatsmigrate
osvdb 25284
title awstats_migrate
type remote
Last major update 07-03-2011 - 21:35
Published 08-05-2006 - 19:02
Last modified 03-10-2018 - 17:40