CVE-2011-2158 in SmarterStats信息

摘要

由 MITRE

The SmarterTools SmarterStats 6.0 web server sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving (1) Admin/frmSite.aspx, (2) Admin/frmSites.aspx, (3) Admin/frmViewReports.aspx, (4) App_Themes/AboutThisFolder.txt, (5) Client/frmViewReports.aspx, (6) Temp/AboutThisFolder.txt, (7) default.aspx, (8) login.aspx, or (9) certain .jpg URIs under Temp/. NOTE: it is possible that only clients, not the SmarterStats product, could be affected by this issue.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

预定

2011-05-20

披露

2011-05-20

管理

已接受

条目

VDB-57497

CWE

未知

EPSS

0.04384

KEV

活动

非常低

来源

Interested in the pricing of exploits?

See the underground prices here!