Information Disclosure: AWStats Config Exposure

Identifier: awstats_config_exposure

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner

Description

AWStats config exposure happens when the AWStats configuration file is left publicly accessible. This file can reveal sensitive data such as paths, credentials, or details about the server setup, which attackers can use to plan further attacks. The problem usually arises from misconfiguration or from default files left in web-accessible locations. Developers often overlook proper file permissions or assume default settings are secure, which makes the file easier for attackers to exploit. If not fixed, it can expose your system to significant risks, including unauthorized access and further breaches.
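The following is an added example, not code from this scanner or from AWStats: a local audit that walks a web document root and reports AWStats config files left inside it, whether they are world-readable, and which path- or host-revealing directives they contain. The `awstats*.conf` filename pattern, the choice of directives, and the sample tree are assumptions made for illustration.

```python
import fnmatch
import os
import re
import stat
import tempfile

# AWStats directives that disclose paths or host names (assumed list, not exhaustive).
REVEALING = re.compile(r"^[ \t]*(LogFile|DirData|SiteDomain|HostAliases)[ \t]*=", re.M)

def audit_docroot(docroot):
    """Return one finding per AWStats config file found under docroot."""
    findings = []
    for folder, _dirs, files in os.walk(docroot):
        for name in fnmatch.filter(files, "awstats*.conf"):
            path = os.path.join(folder, name)
            mode = os.stat(path).st_mode
            with open(path, encoding="utf-8", errors="replace") as fh:
                # Commented-out lines start with '#' and are not matched.
                found = {m.group(1) for m in REVEALING.finditer(fh.read())}
            findings.append({
                "path": os.path.relpath(path, docroot),
                "world_readable": bool(mode & stat.S_IROTH),
                "directives": sorted(found),
            })
    return sorted(findings, key=lambda f: f["path"])

def build_sample_docroot(root):
    """Constructed sample tree: one config left in cgi-bin, one unrelated file."""
    cgi = os.path.join(root, "cgi-bin")
    os.makedirs(cgi)
    conf = os.path.join(cgi, "awstats.example.test.conf")
    with open(conf, "w", encoding="utf-8") as fh:
        fh.write('LogFile="/var/log/httpd/access_log"\n'
                 'SiteDomain="example.test"\n'
                 '#DirData="/commented/out"\n'
                 'DirData="/var/lib/awstats"\n')
    os.chmod(conf, 0o644)  # world-readable, as a default install might leave it
    with open(os.path.join(root, "index.html"), "w", encoding="utf-8") as fh:
        fh.write("<html></html>\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_docroot(build_sample_docroot(tmp)):
            print(finding)
```

Any finding means a config file sits where the web server can serve it; move it outside the document root or deny access to `*.conf` in the server configuration.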

Configuration

Example

Example configuration:

---
security_tests:
  awstats_config_exposure:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

skip

Type : boolean

Skip the test if true.