CVE-2011-2151

The (1) Admin/frmEmailReportSettings.aspx, (2) Admin/frmGeneralSettings.aspx, (3) Admin/frmSite.aspx, (4) Client/frmUser.aspx, and (5) Login.aspx components in the SmarterTools SmarterStats 6.0 web server accept cleartext passwords, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.kb.cert.org/vuls/id/240150	US Government Resource
http://xss.cx/examples/smarterstats-60-oscommandinjection-directorytraversal-xml-sqlinjection.html.html
http://www.kb.cert.org/vuls/id/MORO-8GYQR4	US Government Resource
http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/67831

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:smartertools:smarterstats:6.0:*:*:*:*:*:*:*

Information

Published : 2011-05-20 15:55

Updated : 2017-08-28 18:29

NVD link : CVE-2011-2151

Mitre link : CVE-2011-2151

JSON object : View

CWE

CWE-310

Cryptographic Issues

Advertisement

Products Affected

smartertools

smarterstats

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.kb.cert.org/vuls/id/240150", "name": "VU#240150", "tags": ["US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://xss.cx/examples/smarterstats-60-oscommandinjection-directorytraversal-xml-sqlinjection.html.html", "name": "http://xss.cx/examples/smarterstats-60-oscommandinjection-directorytraversal-xml-sqlinjection.html.html", "tags": [], "refsource": "MISC"}, {"url": "http://www.kb.cert.org/vuls/id/MORO-8GYQR4", "name": "http://www.kb.cert.org/vuls/id/MORO-8GYQR4", "tags": ["US Government Resource"], "refsource": "MISC"}, {"url": "http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html", "name": "http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html", "tags": [], "refsource": "MISC"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67831", "name": "smarterstats-password-info-disc(67831)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The (1) Admin/frmEmailReportSettings.aspx, (2) Admin/frmGeneralSettings.aspx, (3) Admin/frmSite.aspx, (4) Client/frmUser.aspx, and (5) Login.aspx components in the SmarterTools SmarterStats 6.0 web server accept cleartext passwords, which makes it easier for remote attackers to obtain sensitive information by sniffing the network."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-310"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2011-2151", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2011-05-20T22:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:smartertools:smarterstats:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-29T01:29Z"}