I have installed version 6.9 on the windows platform to address the path disclosure issue. However, when my site is scanned it is still showing that this issue exists. The security notes show that this issue should have been corrected in this version.
Can anyone suggest a fix to this problem and how to implement it on my install?
Sample of issue:
When you enter http://your_site/path_to/awstats.pl?config=nothing in the address bar of the browser, you get :
Error: Couldn't open config file "awstats.nothing.conf" nor "awstats.conf" after searching in path "C:\Webs\test\cgi-bin,/etc/awstats,/usr/local/etc/awstats,/etc,/etc/opt/awstats": No such file or directory.
I'm trying to get my website PCI compliant and this is reported as an issue that would prevent my website from passing compliance.
Log in to post a comment.