Information Disclosure: AWStats Exposure¶

Identifier: awstats_exposure

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	WebApp Scanner

Description¶

When configuration files for AWStats are mistakenly made public, attackers can access sensitive setup details, logs, or even credentials hidden within. This risk usually comes from misconfigured file permissions or poorly secured web server settings. If left unchecked, it could lead to unauthorized data access or give hackers clues to further compromise your systems. Developers often overlook securing these files, assuming the analytics tool is safe by default, so its essential to verify file access rights and server configurations to prevent unwanted exposure.

Configuration¶

Example¶

Example configuration:

---
security_tests:
  awstats_exposure:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference¶

`assets_allowed`¶

Type : List[AssetType]*

List of assets that this check will cover.

`skip`¶

Type : boolean

Skip the test if true.