Content-Type Header Misconfiguration in SmarterTools SmarterStats Web Server
CVE-2011-2158

Currently unrated

Key Information:

Vendor: Smartertools
Status: Smarterstats
Vendor: CVE Published:; 20 May 2011

What is CVE-2011-2158?

The SmarterTools SmarterStats 6.0 web server is susceptible to a vulnerability where it sends incorrect Content-Type headers, potentially leading to exploitation through various resources. Attackers may trigger issues involving admin pages and other user-facing content, such as reports and specific file types, which can result in an interpretation conflict. This misconfiguration could allow unauthorized remote actions or access to sensitive information, as it might affect how the web server processes and delivers content.

References

http://xss.cx/examples/smarterstats-60-oscommandinjection...

x_refsource_MISC

http://xss.cx/examples/exploits/stored-reflected-xss-cwe7...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/67824

vdb-entryx_refsource_XF

Timeline

Vulnerability published
May 20, 2011
Vulnerability Reserved
May 20, 2011

Smartertools

What is CVE-2011-2158?

References

Timeline