CVE-2011-2154

login.aspx in the SmarterTools SmarterStats 6.0 web server does not include the HTTPOnly flag in a Set-Cookie header for the loginsettings cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
Configurations

Configuration 1 (hide)

cpe:2.3:a:smartertools:smarterstats:6.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2011-05-20 22:55

Updated : 2024-02-28 11:41


NVD link : CVE-2011-2154

Mitre link : CVE-2011-2154

CVE.ORG link : CVE-2011-2154


JSON object : View

Products Affected

smartertools

  • smarterstats
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor