CVE-2011-2152

Name of the Vulnerable Software and Affected Versions SmarterTools SmarterStats version 6.0

Description The issue allows remote attackers to obtain sensitive information by exploiting a "cross-domain Referer leakage" issue. This is achieved through GET requests with query strings for specific API endpoints, such as "Client/frmViewReports.aspx" or "UserControls/Popups/frmHelp.aspx", which generates web pages containing external links. Attackers can then read web-server access logs or web-server Referer logs to gain access to sensitive information.

Recommendations For SmarterTools SmarterStats version 6.0, consider restricting access to the Client/frmViewReports.aspx and UserControls/Popups/frmHelp.aspx endpoints to minimize the risk of exploitation. Additionally, review and limit the information contained in web-server access logs and web-server Referer logs to reduce the potential impact of this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.