CVE-2011-2158 in SmarterStatsinformation

Résumé

par MITRE

The SmarterTools SmarterStats 6.0 web server sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving (1) Admin/frmSite.aspx, (2) Admin/frmSites.aspx, (3) Admin/frmViewReports.aspx, (4) App_Themes/AboutThisFolder.txt, (5) Client/frmViewReports.aspx, (6) Temp/AboutThisFolder.txt, (7) default.aspx, (8) login.aspx, or (9) certain .jpg URIs under Temp/. NOTE: it is possible that only clients, not the SmarterStats product, could be affected by this issue.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Réserver

20/05/2011

Divulgation

20/05/2011

Modérer

accepté

Entrée

VDB-57497

CPE

prêt

EPSS

0.04384

KEV

non

Activités

très faible

Sources

Do you need the next level of professionalism?

Upgrade your account now!