Lucene search

[email protected]CVE-2011-2154

HistoryMay 20, 2011 - 10:55 p.m.

CVE-2011-2154

2011-05-2022:55:05

CWE-200

[email protected]

web.nvd.nist.gov

cve-2011-2154

smartertools

smarterstats 6.0

httponly

set-cookie

vulnerability

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

75.0%

JSON

login.aspx in the SmarterTools SmarterStats 6.0 web server does not include the HTTPOnly flag in a Set-Cookie header for the loginsettings cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

Affected configurations

NVD

Node

smartertoolssmarterstatsMatch6.0

CPENameOperatorVersion
smartertools:smarterstatssmartertools smarterstatseq6.0

CPE	Name	Operator	Version
smartertools:smarterstats	smartertools smarterstats	eq	6.0

References

www.kb.cert.org/vuls/id/240150

www.kb.cert.org/vuls/id/MORO-8GYQR4

xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html

xss.cx/examples/smarterstats-60-oscommandinjection-directorytraversal-xml-sqlinjection.html.html

exchange.xforce.ibmcloud.com/vulnerabilities/67828

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

75.0%

JSON

Related for CVE-2011-2154

cvelist1 nvd1 prion1 openvas1