Security Test: AWStats Exposure¶
Description¶
Default Severity:
When configuration files for AWStats are mistakenly made public, attackers can access sensitive setup details, logs, or even credentials hidden within. This risk usually comes from misconfigured file permissions or poorly secured web server settings. If left unchecked, it could lead to unauthorized data access or give hackers clues to further compromise your systems. Developers often overlook securing these files, assuming the analytics tool is safe by default, so it’s essential to verify file access rights and server configurations to prevent unwanted exposure.
Configuration¶
Identifier:
information_disclosure/awstats_exposure
Examples¶
All configuration available:
Compliance and Standards¶
| Standard | Value |
|---|---|
| OWASP API Top 10 | API8:2023 |
| OWASP LLM Top 10 | LLM06:2023 |
| PCI DSS | 2.2.5 |
| GDPR | Article-32 |
| SOC2 | CC6 |
| PSD2 | Article-95 |
| ISO 27001 | A.12.6 |
| NIST | SP800-53 |
| FedRAMP | AC-22 |
| CWE | 200 |
| CVSS Vector | 3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| CVSS Score | 3.0 |