![]() How can I ensure that everything is blocked as it should be and that nothing " bad" is happening? The guy who set up our FortiGates is no longer here so not really up to speed on this. This Metasploit module exploits an arbitrary command execution. They say the severity is low and I' m assuming that since it is being reported that it is being successfully blocked throughout, but it concerns me. AWStats configdir Remote Command Execution: Posted Oct 30, 2009: Authored by Matteo Cantoni. Author(s) Matteo Cantoni <> hdm Platform.iDEFENSE has confirmed that AWStats versions 6.1 and 6.2 are vulnerable. CVE-2005-0116 AWStats 6.1, and other versions before 6. This module exploits an arbitrary command execution vulnerability in the AWStats CGI script. ![]() ![]() In the last couple weeks I am seeing a ton of messages like below. in AWStats 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) 'pluginmode', (2) 'loadplugin', or (3) 'noloadplugin' parameters. The second phase of the attack appeared in the alarm logs as the signature, XML RPC PHP command Execution. ![]()
0 Comments
Leave a Reply. |