Skip to content

Information Disclosure: AWStats Config Exposure¶

Identifier: awstats_config_exposure

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	WebApp Scanner	ASM Scanner

Description¶

AWStats config exposure occurs when settings files are left publicly accessible, potentially revealing sensitive data like paths, credentials, or server setup details that attackers can use to plan further attacks.

How we test: We scan for exposed AWStats configuration files and analyze responses to detect if sensitive settings, paths, credentials, or server configuration details are accessible via web servers.

Configuration¶

Example¶

Example configuration:

---
security_tests:
  awstats_config_exposure:
    skip: false

Reference¶

`skip`¶

Type : boolean

Skip the test if true.