CVE-2011-2152

Published: May 20, 2011Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The SmarterTools SmarterStats 6.0 web server generates web pages containing external links in response to GET requests with query strings for (1) Client/frmViewReports.aspx or (2) UserControls/Popups/frmHelp.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (a) web-server access logs or (b) web-server Referer logs, related to a "cross-domain Referer leakage" issue.

Affected (1)

Products: Smartertools: Smarterstats

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Smartertools Smarterstats	Version 6.0

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (8)

http://www.kb.cert.org/vuls/id/240150

Source: cve@mitre.org

US Government Resource

http://www.kb.cert.org/vuls/id/MORO-8GYQR4

Source: cve@mitre.org

US Government Resource

http://xss.cx/examples/smarterstats-60-oscommandinjection-directorytraversal-xml-sqlinjection.html.html

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/67830

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/240150

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.kb.cert.org/vuls/id/MORO-8GYQR4

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://xss.cx/examples/smarterstats-60-oscommandinjection-directorytraversal-xml-sqlinjection.html.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/67830

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.