CVE-2011-2152
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The SmarterTools SmarterStats 6.0 web server generates web pages containing external links in response to GET requests with query strings for (1) Client/frmViewReports.aspx or (2) UserControls/Popups/frmHelp.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (a) web-server access logs or (b) web-server Referer logs, related to a "cross-domain Referer leakage" issue.
El servidor web SmarterTools SmarterStats v6.0 genera páginas web que contienen enlaces externos en respuesta a las solicitudes GET con cadenas de consulta para (1) Client/frmViewReports.aspx o (2) UserControls/Popups/frmHelp.aspx, lo que hace que sea más fácil para los atacantes remotos obtener información sensible mediante la lectura de (a) registro de accesos al servidor web o (b) registro de referidos al servidor web, relacionado con un fallo "cross-domain Referer leakage".
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-05-20 CVE Reserved
- 2011-05-20 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.kb.cert.org/vuls/id/240150 | Third Party Advisory |
|
| http://www.kb.cert.org/vuls/id/MORO-8GYQR4 | Us Government Resource |
|
| http://xss.cx/examples/smarterstats-60-oscommandinjection-directorytraversal-xml-sqlinjection.html.html | X_refsource_misc | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/67830 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Smartertools Search vendor "Smartertools" | Smarterstats Search vendor "Smartertools" for product "Smarterstats" | 6.0 Search vendor "Smartertools" for product "Smarterstats" and version "6.0" | - |
Affected
| ||||||