Cross-Domain Referer Leakage in SmarterTools SmarterStats 6.0 Web Server
CVE-2011-2152
Currently unrated
What is CVE-2011-2152?
The web server in SmarterTools SmarterStats 6.0 is vulnerable to cross-domain Referer leakage. When it processes GET requests with specific query strings for Client/frmViewReports.aspx or UserControls/Popups/frmHelp.aspx, the application generates web pages that include external links. When a user follows one of those links, the browser sends the URL of the originating page, query string included, to the linked site in the Referer header. An attacker could exploit this to obtain sensitive information by reading web-server access logs or Referer logs. This poses a significant risk to users who rely on SmarterStats for web analytics, exposing them to potential data breaches.
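One way to audit a rendered page for this class of leak, as an added example (not code from SmarterTools or from the advisory): it lists the external links that would receive the page's query string in the Referer header. The function names, sample hosts, query string and links are constructed; a missing referrer policy is treated as the legacy `no-referrer-when-downgrade` behaviour, which is an assumption, since current browsers default to `strict-origin-when-cross-origin`.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Referrer policies that never send the path or query string to another origin.
STRIPPING = {"no-referrer", "same-origin", "origin", "strict-origin",
             "origin-when-cross-origin", "strict-origin-when-cross-origin"}

class LinkCollector(HTMLParser):
    """Collect <a href> links and any <meta name="referrer"> policy."""
    def __init__(self):
        super().__init__()
        self.links, self.meta_policy = [], ""

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "referrer":
            self.meta_policy = a.get("content", "").strip().lower()
        elif tag == "a" and a.get("href"):
            self.links.append((a["href"], a.get("rel", "").lower().split(),
                               a.get("referrerpolicy", "").strip().lower()))

def leaking_links(page_url, html, header_policy=""):
    """Return external link targets that would see page_url's query string."""
    page = urlsplit(page_url)
    if not page.query:
        return []                      # nothing in the URL to leak
    collector = LinkCollector()
    collector.feed(html)
    # Simplification: a <meta> policy in the page overrides the response header.
    doc_policy = collector.meta_policy or header_policy.strip().lower()
    leaks = []
    for href, rel, link_policy in collector.links:
        target = urlsplit(urljoin(page_url, href))
        same = (target.scheme, target.netloc.lower()) == (page.scheme, page.netloc.lower())
        if same or target.scheme not in ("http", "https"):
            continue                   # same origin, or mailto:/javascript: etc.
        policy = link_policy or doc_policy
        if "noreferrer" in rel or policy in STRIPPING:
            continue
        # Assumption: no policy means legacy no-referrer-when-downgrade, which
        # withholds Referer only on an https -> http downgrade.
        if policy != "unsafe-url" and page.scheme == "https" and target.scheme == "http":
            continue
        leaks.append(target.geturl())
    return leaks

# Constructed sample: only the page path comes from the advisory.
SAMPLE_URL = "http://stats.example.test/Client/frmViewReports.aspx?siteid=1&report=constructed"
SAMPLE_HTML = ('<a href="http://vendor.example.org/help">Help</a>'
               '<a href="http://partner.example.net/docs" rel="noopener noreferrer">Docs</a>'
               '<a href="/index.html">Home</a>')
```

On the constructed sample, only the `vendor.example.org` link is reported; passing `header_policy="strict-origin-when-cross-origin"` clears it.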