login.aspx in the SmarterTools SmarterStats 6.0 web server does not include the HTTPOnly flag in a Set-Cookie header for the loginsettings cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
References
Configurations
History
21 Nov 2024, 01:27
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.kb.cert.org/vuls/id/240150 - US Government Resource | |
References | () http://www.kb.cert.org/vuls/id/MORO-8GYQR4 - US Government Resource | |
References | () http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html - | |
References | () http://xss.cx/examples/smarterstats-60-oscommandinjection-directorytraversal-xml-sqlinjection.html.html - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/67828 - |
Information
Published : 2011-05-20 22:55
Updated : 2024-11-21 01:27
NVD link : CVE-2011-2154
Mitre link : CVE-2011-2154
CVE.ORG link : CVE-2011-2154
JSON object : View
Products Affected
smartertools
- smarterstats
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor