PT-2011-3644 · Smartertools · Smarterstats
Published 2011-05-20 · Updated 2017-08-29 · CVE-2011-2156
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
SmarterTools SmarterStats version 6.0
Description
The issue allows remote attackers to obtain directory listings via direct requests for specific directory names. This includes requests for the Admin/, Admin/Defaults/, Admin/GettingStarted/, Admin/Popups/, App_Themes/, Client/, Client/Popups/, Services/, Temp/, UserControls/, UserControls/PanelBarTemplates/, UserControls/Popups/, aspnet_client/, or aspnet_client/system_web/ directories, as well as certain directory names under App_Themes/Default/.
Recommendations
For SmarterTools SmarterStats version 6.0, consider restricting access to the specified directories to minimize the risk of exploitation. As a temporary workaround, limit direct requests to these directories until a patch is available.
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Smarterstats