PT-2011-3642 · Smartertools · Smarterstats

Published

2011-05-20

Updated

2017-08-29

CVE-2011-2154

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions SmarterTools SmarterStats version 6.0

Description The issue concerns the SmarterTools SmarterStats web server, where the login.aspx page does not include the HTTPOnly flag in a Set-Cookie header for the loginsettings cookie. This omission makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

Recommendations For SmarterTools SmarterStats version 6.0, consider configuring the web server to include the HTTPOnly flag in the Set-Cookie header for the loginsettings cookie to prevent script access.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2011-2154

Affected Products

Smarterstats

PT-2011-3642 · Smartertools · Smarterstats

CVE-2011-2154

Weakness Enumeration

Related Identifiers

Affected Products

References · 7