PT-2011-3647 · Smartertools · Smarterstats

Published: 2011-05-20 · Updated: 2017-08-29 · CVE-2011-2159

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: SmarterTools SmarterStats version 6.0

Description: The SmarterTools SmarterStats web server may be affected by an issue where certain resources are served without a Content-Type header, potentially allowing remote attackers to leverage an interpretation conflict (the client, rather than the server, decides how the response body is interpreted). The affected files and endpoints include "Admin/Defaults/frmDefaultSiteSettings.aspx", "Admin/Defaults/frmServerDefaults.aspx", "Admin/frmReportSettings.aspx", "Admin/frmSite.aspx", "App_Themes/Default/ButtonBarIcons.xml", "App_Themes/Default/Skin.xml", "Client/frmImportSettings.aspx", "Client/frmSeoSettings.aspx", "Services/Web.config", "aspnet_client/system_web/4_0_30319/", "clientaccesspolicy.xml", "cloudscan.exe", "crossdomain.xml", and "sitemap.xml". It is possible that only clients, not the SmarterStats product itself, are affected by this issue.

Recommendations: For SmarterTools SmarterStats version 6.0, add the Content-Type header to the affected resources to prevent interpretation conflicts. As a temporary workaround, restrict access to the affected files and endpoints until a proper fix is applied.
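The following is an added example, not code from Positive Technologies or SmarterTools: an offline checker that parses raw HTTP responses for the resources the advisory names and reports which ones lack a Content-Type header, so an administrator can verify the fix on captured responses. The response samples are constructed for the example; only the resource paths come from the advisory. The check for X-Content-Type-Options: nosniff is an additional hardening assumption added here, not a recommendation from the advisory.

```python
"""Offline audit of HTTP responses for a missing or malformed Content-Type
header (the issue in this advisory). Added example, not code from Positive
Technologies or SmarterTools. Sample responses below are constructed."""

from typing import Dict, List

# Resource paths named in the advisory (no server is contacted here).
ADVISORY_RESOURCES: List[str] = [
    "Admin/Defaults/frmDefaultSiteSettings.aspx",
    "Admin/Defaults/frmServerDefaults.aspx",
    "Admin/frmReportSettings.aspx",
    "Admin/frmSite.aspx",
    "App_Themes/Default/ButtonBarIcons.xml",
    "App_Themes/Default/Skin.xml",
    "Client/frmImportSettings.aspx",
    "Client/frmSeoSettings.aspx",
    "Services/Web.config",
    "aspnet_client/system_web/4_0_30319/",
    "clientaccesspolicy.xml",
    "cloudscan.exe",
    "crossdomain.xml",
    "sitemap.xml",
]

# Constructed raw responses (status line + headers + body), keyed by path.
SAMPLE_RESPONSES: Dict[str, str] = {
    # Vulnerable shape: no Content-Type at all, client must guess the type.
    "crossdomain.xml": (
        "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/7.5\r\nContent-Length: 26\r\n\r\n"
        "<cross-domain-policy/>\r\n"
    ),
    # Content-Type present, but browsers may still sniff without nosniff.
    "Services/Web.config": (
        "HTTP/1.1 200 OK\r\nContent-Type: text/xml\r\nContent-Length: 17\r\n\r\n"
        "<configuration/>\r\n"
    ),
    # Hardened shape: explicit type plus nosniff.
    "sitemap.xml": (
        "HTTP/1.1 200 OK\r\nContent-Type: application/xml; charset=utf-8\r\n"
        "X-Content-Type-Options: nosniff\r\nContent-Length: 10\r\n\r\n<urlset/>\r\n"
    ),
    # Malformed value: no type/subtype, so clients cannot honour it.
    "cloudscan.exe": (
        "HTTP/1.1 200 OK\r\nContent-Type: binary\r\n"
        "X-Content-Type-Options: nosniff\r\nContent-Length: 2\r\n\r\nMZ"
    ),
}


def parse_response_headers(raw: str) -> Dict[str, List[str]]:
    """Parse the header block of a raw HTTP/1.x response.

    Header names are case-insensitive, so keys are lower-cased; repeated
    headers are kept in order as a list of values.
    """
    head = raw.split("\r\n\r\n", 1)[0]
    headers: Dict[str, List[str]] = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def audit_response(raw: str) -> List[str]:
    """Return the findings for one response (empty list means it passed)."""
    headers = parse_response_headers(raw)
    findings: List[str] = []
    content_type = headers.get("content-type", [])
    if not content_type:
        findings.append("missing Content-Type")
    elif len(content_type) > 1:
        findings.append("multiple Content-Type headers")
    else:
        mime = content_type[0].split(";", 1)[0].strip().lower()
        if "/" not in mime:
            findings.append(f"malformed Content-Type: {content_type[0]!r}")
    sniff_opts = [v.lower() for v in headers.get("x-content-type-options", [])]
    if "nosniff" not in sniff_opts:
        findings.append("missing X-Content-Type-Options: nosniff")
    return findings


def audit_all(responses: Dict[str, str]) -> Dict[str, List[str]]:
    """Audit every captured response; only paths with findings are returned."""
    report: Dict[str, List[str]] = {}
    for path, raw in responses.items():
        findings = audit_response(raw)
        if findings:
            report[path] = findings
    return report


if __name__ == "__main__":
    for path, findings in audit_all(SAMPLE_RESPONSES).items():
        print(f"{path}: {'; '.join(findings)}")
    missing = [p for p in ADVISORY_RESOURCES if p not in SAMPLE_RESPONSES]
    print(f"{len(missing)} advisory resources not captured in this sample set")
```

To use it against a real deployment, capture each listed resource's response with any HTTP client and feed the raw text to audit_all; a resource only passes when it carries a single, well-formed Content-Type, which is the condition the advisory's fix must establish.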


Related Identifiers

CVE-2011-2159

Affected Products

Smarterstats