[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96125

 
 

909

 
 

78020

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2011-2150

Date: (C)2011-05-20   (M)2017-08-29
 
CVSS Score: 5.0Access Vector: NETWORK
Exploitability Subscore: 10.0Access Complexity: LOW
Impact Subscore: 2.9Authentication: NONE
 Confidentiality: NONE
 Integrity: NONE
 Availability: PARTIAL











The SmarterTools SmarterStats 6.0 web server does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error and daemon pause) via vectors involving (1) certain cookies in a SiteInfoLookup action to Admin/frmSites.aspx, or certain (2) cookies or (3) parameters to (a) Client/frmViewOverviewReport.aspx, (b) Client/frmViewReports.aspx, or (c) Services/SiteAdmin.asmx, as demonstrated by a ]]>> string, related to an "XML injection" issue.

Reference:
VU#240150
http://www.kb.cert.org/vuls/id/MORO-8GYQR4
http://xss.cx/examples/smarterstats-60-oscommandinjection-directorytraversal-xml-sqlinjection.html.html
smarterstats-string-data-dos(67832)

CWE    1
CWE-20

© 2013 SecPod Technologies