Security Test: AWStats Config Exposure
Description
Default Severity:
AWStats config exposure occurs when the AWStats configuration file is publicly accessible. The file can reveal sensitive data such as paths, credentials, or details of the server setup, which attackers can use to plan further attacks. The problem usually stems from misconfiguration or from default files left in web-accessible locations. Developers often overlook file permissions or assume that default settings are secure, which makes the exposure easier to exploit. Left unfixed, it exposes the system to significant risk, including unauthorized access and further breaches.
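One way to check your own server for this condition, as an added example that is not part of the original page or the scanner's own code: the script walks a web document root, finds AWStats configuration files inside it, and reports whether each is world-readable and which path-revealing directives it contains. The document-root layout and the sample file contents are constructed for the demonstration; `audit_docroot` and `demo` are hypothetical names.

```python
import os
import re
import stat
import tempfile

# AWStats names its settings files awstats.conf or awstats.<name>.conf.
CONF_NAME = re.compile(r"^awstats(\.[\w.-]+)?\.conf$", re.IGNORECASE)
# AWStats directives whose values reveal server paths or layout.
PATH_DIRECTIVES = ("LogFile", "DirData", "DirCgi", "DirIcons")


def audit_docroot(docroot):
    """Return one finding per AWStats config file located under docroot."""
    findings = []
    for folder, _dirs, files in os.walk(docroot):
        for name in sorted(files):
            if not CONF_NAME.match(name):
                continue
            path = os.path.join(folder, name)
            mode = os.stat(path).st_mode
            with open(path, encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            leaked = [d for d in PATH_DIRECTIVES
                      if re.search(rf"^\s*{d}\s*=", text, re.MULTILINE)]
            findings.append({
                "path": os.path.relpath(path, docroot),
                "world_readable": bool(mode & stat.S_IROTH),
                "path_directives": leaked,
            })
    return findings


def demo():
    """Build a constructed docroot (assumed layout) and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "cgi-bin"))
        conf = os.path.join(root, "cgi-bin", "awstats.example.conf")
        with open(conf, "w", encoding="utf-8") as fh:
            # Constructed sample content, not taken from a real server.
            fh.write('LogFile="/var/log/httpd/access_log"\n'
                     'SiteDomain="www.example.com"\n'
                     'DirData="/var/lib/awstats"\n')
        os.chmod(conf, 0o644)
        with open(os.path.join(root, "index.html"), "w") as fh:
            fh.write("<html></html>")
        return audit_docroot(root)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Any finding means a configuration file sits where the web server can serve it; moving it outside the document root or denying requests for it in the server configuration removes the exposure.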
Configuration
Identifier:
information_disclosure/awstats_config_exposure
Examples
All configuration available:
Compliance and Standards
| Standard | Value |
|---|---|
| OWASP API Top 10 | API8:2023 |
| OWASP LLM Top 10 | LLM06:2023 |
| PCI DSS | 2.2.5 |
| GDPR | Article-32 |
| SOC2 | CC6 |
| PSD2 | Article-95 |
| ISO 27001 | A.12.6 |
| NIST | SP800-44 |
| FedRAMP | AC-22 |
| CWE | 200 |
| CVSS Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| CVSS Score | 3.0 |