AWStats Exploits on Apache/Linux

It looks like a vulnerability in the AWStats tool that runs on Apache is causing some trouble for people who aren't patched to the latest version. I wouldn't mention it normally as this runs on Linux, but I've seen at least one person whose blog server was attacked and I want to make sure that people running Apache servers patch themselves against this. (There's a warning you should read on the AWStats site.) I've seen a couple of bizarre redirects the last couple of days and I suspect this might have something to do with it. Here's a link to some SANS coverage of this exploit.

Comments

  • Anonymous
    February 01, 2005
    > I wouldn't mention it normally as this runs
    > on Linux,

    And what is said on the AWStats page that you linked to:

    > It uses a partial information file to be
    > able to process large log files, often and
    > quickly. It can analyze log files from IIS
    > (W3C log format), Apache log files [...]

    Your reason for not mentioning it normally is that IIS and Apache (and maybe the others) run on Linux? Anyone know of any other platforms where IIS and Apache (and maybe the others) are also capable of running? That's why you mentioned it abnormally, right? Sigh.