Vulnerabilities > CVE-2011-2158 - Unspecified vulnerability in Smartertools Smarterstats 6.0
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The SmarterTools SmarterStats 6.0 web server sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving (1) Admin/frmSite.aspx, (2) Admin/frmSites.aspx, (3) Admin/frmViewReports.aspx, (4) App_Themes/AboutThisFolder.txt, (5) Client/frmViewReports.aspx, (6) Temp/AboutThisFolder.txt, (7) default.aspx, (8) login.aspx, or (9) certain .jpg URIs under Temp/. NOTE: it is possible that only clients, not the SmarterStats product, could be affected by this issue.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
References
- http://www.kb.cert.org/vuls/id/240150
- http://www.kb.cert.org/vuls/id/MORO-8GYQR4
- http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html
- http://xss.cx/examples/smarterstats-60-oscommandinjection-directorytraversal-xml-sqlinjection.html.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67824
- http://www.kb.cert.org/vuls/id/240150
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67824
- http://xss.cx/examples/smarterstats-60-oscommandinjection-directorytraversal-xml-sqlinjection.html.html
- http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html
- http://www.kb.cert.org/vuls/id/MORO-8GYQR4