#811 Awstats path Disclosure issue

closed
Other (220)
9
2012-10-11
2009-06-22
No

I have installed version 6.9 on the windows platform to address the path disclosure issue. However, when my site is scanned it is still showing that this issue exists. The security notes show that this issue should have been corrected in this version.

Can anyone suggest a fix to this problem and how to implement it on my install?

Sample of issue:

When you enter http://your_site/path_to/awstats.pl?config=nothing in the address bar of the browser, you get :

Error: Couldn't open config file "awstats.nothing.conf" nor "awstats.conf" after searching in path "C:\Webs\test\cgi-bin,/etc/awstats,/usr/local/etc/awstats,/etc,/etc/opt/awstats": No such file or directory.

I'm trying to get my website PCI compliant and this is reported as an issue that would prevent my website from passing compliance.

Discussion

  • Chris Larsen

    Chris Larsen - 2010-05-03

    Will only display the path in CLI mode or if you edit the AWStats.pl file and set $DEBUGFORCED = 1;

     
  • Chris Larsen

    Chris Larsen - 2010-05-03

    The feature/change or bug fix was added in CVS tree.
    Will be available with next release.

     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks