Lucene search

[email protected]CVE-2011-2156

HistoryMay 20, 2011 - 10:55 p.m.

CVE-2011-2156

2011-05-2022:55:05

CWE-200

[email protected]

web.nvd.nist.gov

cve-2011-2156

smartertools

smarterstats

directory listing

web server

security vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.2%

JSON

The SmarterTools SmarterStats 6.0 web server allows remote attackers to obtain directory listings via a direct request for the (1) Admin/, (2) Admin/Defaults/, (3) Admin/GettingStarted/, (4) Admin/Popups/, (5) App_Themes/, (6) Client/, (7) Client/Popups/, (8) Services/, (9) Temp/, (10) UserControls/, (11) UserControls/PanelBarTemplates/, (12) UserControls/Popups/, (13) aspnet_client/, or (14) aspnet_client/system_web/ directory name, or (15) certain directory names under App_Themes/Default/.

Affected configurations

NVD

Node

smartertoolssmarterstatsMatch6.0

CPENameOperatorVersion
smartertools:smarterstatssmartertools smarterstatseq6.0

CPE	Name	Operator	Version
smartertools:smarterstats	smartertools smarterstats	eq	6.0

References

www.kb.cert.org/vuls/id/240150

www.kb.cert.org/vuls/id/MORO-8GYQR4

xss.cx/examples/smarterstats-60-oscommandinjection-directorytraversal-xml-sqlinjection.html.html

exchange.xforce.ibmcloud.com/vulnerabilities/67826

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.2%

JSON

Related for CVE-2011-2156

cvelist1 prion1 nvd1 openvas1