CVE-2011-2157

Name of the Vulnerable Software and Affected Versions SmarterTools SmarterStats version 6.0

Description The issue concerns the generation of web pages containing email addresses by certain components in the SmarterTools SmarterStats web server. Specifically, the Admin/frmEmailReportSettings.aspx and Admin/frmGeneralSettings.aspx components produce pages with default form field values that include email addresses. This allows remote attackers to obtain potentially sensitive information by reading these default values.

Recommendations For SmarterTools SmarterStats version 6.0, consider restricting access to the Admin/frmEmailReportSettings.aspx and Admin/frmGeneralSettings.aspx components to minimize the risk of exploitation. As a temporary workaround, modify the components to not include email addresses in the default values of form fields. At the moment, there is no information about a newer version that contains a fix for this vulnerability.