Rule Category

SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web-based applications on servers.

Alert Message

SERVER-WEBAPP awstats.pl command execution attempt

Rule Explanation

This event is generated when an attempt is made to execute system commands via the CGI script awstats.pl.

Impact: Possible execution of system commands.

Details: Advanced Web Statistics (awstats) processes web server log files and produces reports of web server usage. Some versions of awstats do not correctly sanitize user input. This may present an attacker with the opportunity to supply system commands via the "logfile" parameter. For the attack to be successful, the "update" parameter must also be set to "1". This event indicates that an attempt has been made to pass a system command as a value to the "logfile" parameter of the awstats.pl CGI script.

Ease of Attack: Simple. No exploit software required.
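To triage this alert against web server access logs, the two conditions described above (a "logfile" value that is not a plain file path, and "update" set to "1") can be checked per request. The following is an added example, not the Snort rule's logic or Talos code; the allow-list of path characters, the verdict names, the combined-log-style request format and the sample log lines are all assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate logfile value is a plain path (letters, digits, . _ / -).
SAFE_LOGFILE = re.compile(r"[A-Za-z0-9._/-]+")
# Request line as it appears in common/combined access log format.
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

def classify_request(uri):
    """Return 'ignore', 'attempt' or 'attempt_with_update' for one request URI."""
    parts = urlsplit(uri)
    if parts.path.lower().rsplit("/", 1)[-1] != "awstats.pl":
        return "ignore"
    params = parse_qs(parts.query)  # percent-decodes parameter values
    logfiles = params.get("logfile", [])
    # Flag any decoded logfile value containing characters outside the allow-list.
    if all(SAFE_LOGFILE.fullmatch(v) for v in logfiles):
        return "ignore"
    # The page states the attack only succeeds when update is set to "1".
    if "1" in params.get("update", []):
        return "attempt_with_update"
    return "attempt"

def scan(lines):
    """Return (line_number, verdict) for every non-ignored request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            verdict = classify_request(match.group(1))
            if verdict != "ignore":
                hits.append((number, verdict))
    return hits

# Constructed sample lines (documentation IP range, placeholder parameter values).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /cgi-bin/awstats.pl?config=example HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /cgi-bin/awstats.pl?config=example&logfile=access.log%3Bexample-command HTTP/1.1" 200 312',
    '192.0.2.11 - - [01/Jan/2024:10:00:09 +0000] "GET /cgi-bin/awstats.pl?config=example&update=1&logfile=access.log%3Bexample-command HTTP/1.1" 200 312',
]

if __name__ == "__main__":
    for number, verdict in scan(SAMPLE_LOG):
        print(f"line {number}: {verdict}")
```

Parameters sent in a POST body do not appear in access logs, so this check only covers query-string requests.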

What To Look For

No information provided

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos, Alex Kirk, Nigel Houghton

Rule Groups

No rule groups

CVE

None

Rule Vulnerability

No information provided

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.

None