Lucene search

[email protected]CVE-2011-2155

HistoryMay 20, 2011 - 10:55 p.m.

CVE-2011-2155

2011-05-2022:55:05

CWE-287

[email protected]

web.nvd.nist.gov

cve-2011-2155

smartertools

smarterstats

web server

vulnerability

authentication

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.3%

JSON

Login.aspx in the SmarterTools SmarterStats 6.0 web server generates a ctl00$MPH$txtPassword password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation.

Affected configurations

NVD

Node

smartertoolssmarterstatsMatch6.0

CPENameOperatorVersion
smartertools:smarterstatssmartertools smarterstatseq6.0

CPE	Name	Operator	Version
smartertools:smarterstats	smartertools smarterstats	eq	6.0

References

www.kb.cert.org/vuls/id/240150

www.kb.cert.org/vuls/id/MORO-8GYQR4

xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html

xss.cx/examples/smarterstats-60-oscommandinjection-directorytraversal-xml-sqlinjection.html.html

exchange.xforce.ibmcloud.com/vulnerabilities/67827

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.3%

JSON

Related for CVE-2011-2155

cvelist1 nvd1 prion1 openvas1