Vulnerability Details : CVE-2011-2151
The (1) Admin/frmEmailReportSettings.aspx, (2) Admin/frmGeneralSettings.aspx, (3) Admin/frmSite.aspx, (4) Client/frmUser.aspx, and (5) Login.aspx components in the SmarterTools SmarterStats 6.0 web server accept cleartext passwords, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
Products affected by CVE-2011-2151
- cpe:2.3:a:smartertools:smarterstats:6.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-2151
- EPSS score: 0.29% (probability of exploitation activity in the next 30 days)
- Percentile: ~65% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2011-2151
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2011-2151
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-2151
- http://www.kb.cert.org/vuls/id/240150
  VU#240150 - SmarterTools default basic web server vulnerabilities (US Government Resource)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67831
  SmarterTools SmarterStats password information disclosure CVE-2011-2151 Vulnerability Report
- http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html
  CVE-2011-4750, SmarterTools WebServer, CVE-2011-2151, CVE-2011-2155, CVE-2011-4751, CVE-2011-2154, CVE-2011-2158, CVE-2011-4752, Stored + Reflected XSS, SmarterTools 6.x (6.2.4100), Cross Site Scripti
- http://xss.cx/examples/smarterstats-60-oscommandinjection-directorytraversal-xml-sqlinjection.html.html
  SQL Injection, XML Injection, OS Command Injection, SmarterStats 6.0
- http://www.kb.cert.org/vuls/id/MORO-8GYQR4
  VU#240150 - SmarterTools default basic web server vulnerabilities (US Government Resource)