Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2011-2151
Last Modified: 16 Dec 2011 10:51:57
Published: 20 May 2011 06:55:05
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

Summary

The (1) Admin/frmEmailReportSettings.aspx, (2) Admin/frmGeneralSettings.aspx, (3) Admin/frmSite.aspx, (4) Client/frmUser.aspx, and (5) Login.aspx components in the SmarterTools SmarterStats 6.0 web server accept cleartext passwords, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

Vulnerable Systems

Application

  • SmarterTools SmarterStats 6.0


References

MISC - http://www.kb.cert.org/vuls/id/MORO-8GYQR4

CERT-VN - VU#240150

MISC - http://xss.cx/examples/smarterstats-60-oscommandinjection-directorytraversal-xml-sqlinjection.html.html

XF - smarterstats-password-info-disc(67831)

MISC - http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html


Last Updated: 27 May 2016 10:57:56