CVE-2011-2156

Name of the Vulnerable Software and Affected Versions SmarterTools SmarterStats version 6.0

Description The issue allows remote attackers to obtain directory listings via direct requests for specific directory names. This includes requests for the Admin/, Admin/Defaults/, Admin/GettingStarted/, Admin/Popups/, App Themes/, Client/, Client/Popups/, Services/, Temp/, UserControls/, UserControls/PanelBarTemplates/, UserControls/Popups/, aspnet client/, or aspnet client/system web/ directories, as well as certain directory names under App Themes/Default/.

Recommendations For SmarterTools SmarterStats version 6.0, consider restricting access to the specified directories to minimize the risk of exploitation. As a temporary workaround, limit direct requests to these directories until a patch is available.