Cross-Domain Referer Leakage in SmarterTools SmarterStats 6.0 Web Server
CVE-2011-2152

Currently unrated

Key Information:

Vendor
CVE Published: 20 May 2011

What is CVE-2011-2152?

The SmarterTools SmarterStats 6.0 web server is affected by cross-domain Referer leakage. When it processes GET requests with specific query strings for Client/frmViewReports.aspx or UserControls/Popups/frmHelp.aspx, the application generates web pages that include external links. A request that follows one of those links can carry the originating URL, query string included, in its Referer header, so attackers could obtain sensitive information by reading web-server access logs or Referer logs. The issue is a significant risk for users relying on SmarterStats for web analytics, exposing them to potential data breaches.
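One way to audit a page for the leak described above, as an added Python example (not SmarterTools code and not part of the original entry): it lists the external links that would receive the page's query string in the Referer header. The host names, query parameters and HTML are constructed, and a missing Referrer-Policy is conservatively treated as full-URL Referer behaviour.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Referrer-Policy values that keep path and query out of cross-origin requests.
SAFE_POLICIES = {"no-referrer", "origin", "same-origin", "strict-origin",
                 "origin-when-cross-origin", "strict-origin-when-cross-origin"}

class _LinkCollector(HTMLParser):
    """Collects (target, rel tokens, element referrerpolicy) for href/src attributes."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        target = a.get("href") or a.get("src")
        if target:
            rel = (a.get("rel") or "").lower().split()
            self.links.append((target, rel, (a.get("referrerpolicy") or "").lower()))

def referer_leaks(page_url, html, referrer_policy=None):
    """Return external URLs that would be sent page_url's query string as Referer."""
    page = urlsplit(page_url)
    if not page.query:
        return []  # no query string, nothing sensitive in the URL
    if (referrer_policy or "").strip().lower() in SAFE_POLICIES:
        return []  # response header already trims the Referer
    collector = _LinkCollector()
    collector.feed(html)
    leaks = []
    for target, rel, elem_policy in collector.links:
        dest = urlsplit(urljoin(page_url, target))
        if dest.scheme not in ("http", "https"):
            continue  # mailto:, javascript:, etc. send no Referer
        if (dest.scheme, dest.netloc.lower()) == (page.scheme, page.netloc.lower()):
            continue  # same origin: not a cross-domain leak
        if "noreferrer" in rel or elem_policy in SAFE_POLICIES:
            continue  # link-level mitigation present
        leaks.append(dest.geturl())
    return leaks

# Constructed sample: host names, query parameters and markup are illustrative.
SAMPLE_URL = "https://stats.example.test/Client/frmViewReports.aspx?siteid=42&token=CONSTRUCTED"
SAMPLE_HTML = """<a href="frmHelp.aspx">local help</a>
<a href="http://vendor.example.net/docs">docs</a>
<a href="https://partner.example.org/" rel="noopener noreferrer">partner</a>
<img src="//cdn.example.net/logo.png">
<a href="mailto:admin@example.test">mail</a>"""
```

Passing the response's `Referrer-Policy` header value as the third argument shows whether a server-side policy already closes the leak.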
