AWStats Exposure
Description
Detects publicly accessible AWStats configuration data.
Remediation
To remediate AWStats Exposure, follow these steps:
- Update AWStats to the latest version to address any known vulnerabilities.
- Restrict access to the AWStats installation directory using .htaccess or equivalent web server configuration to allow only authorized IP addresses.
- Implement strong password protection for the AWStats administrative interface.
- Ensure that directory listings are disabled on the server to prevent unauthorized directory browsing.
- Regularly review and update AWStats configuration settings to ensure they adhere to security best practices.
- Monitor access logs for any suspicious activity related to AWStats.
- If AWStats is not required, consider removing or disabling it to reduce the attack surface.
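The access restriction, password protection and directory-listing steps above can be combined in one Apache 2.4 `.htaccess` file; this is an added example, not configuration from AWStats or from this check. The htpasswd path, the address ranges and the choice to block `.conf` files are assumptions to adapt to your installation.

```apache
# .htaccess placed in the AWStats directory (location is an assumption; adjust to your install).
# Needs Apache 2.4 and "AllowOverride AuthConfig Options" (or All) for this directory,
# otherwise the directives below are ignored or rejected.

# Weak setting that leaves reports and configuration readable by anyone:
#   Require all granted
#   Options +Indexes

# Disable directory listings so files in this directory cannot be browsed.
Options -Indexes

# Password protection. The htpasswd path is a placeholder; keep the file outside the web root.
AuthType Basic
AuthName "AWStats"
AuthUserFile /etc/apache2/awstats.htpasswd

# Both conditions must hold: allowlisted source address AND valid credentials.
<RequireAll>
    # 192.0.2.0/24 and 2001:db8::/32 are documentation ranges used as placeholders.
    Require ip 192.0.2.0/24 2001:db8::/32
    Require valid-user
</RequireAll>

# Never serve raw configuration files over HTTP, even to authenticated users.
# The pattern is an assumption about how the configuration files are named.
<FilesMatch "\.conf$">
    Require all denied
</FilesMatch>
```

After deploying, request the AWStats URL from an address outside the allowlist and confirm the server answers 403 rather than serving the page.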
Configuration
Identifier:
information_disclosure/awstats_exposure
Examples
Ignore this check
checks:
  information_disclosure/awstats_exposure:
    skip: true
Score
- Escape Severity: HIGH
Compliance
OWASP: API8:2023
pci: 2.2.5
gdpr: Article-32
soc2: CC6
psd2: Article-95
iso27001: A.12.6
nist: SP800-53
fedramp: AC-22
Classification
- CWE: 200