CVE-2011-2150
Last modified
CVE-2011-2150 is a vulnerability of currently unknown severity. The SmarterTools SmarterStats 6.0 web server does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error and daemon pause) via vectors involving (1) certain cookies in a SiteInfoLookup action to Admin/frmSites.aspx, or certain (2) cookies or (3) parameters to (a) Client/frmViewOverviewReport.aspx, (b) Client/frmViewReports.aspx, or (c) Services/SiteAdmin.asmx, as demonstrated by a ]]>> string, related to an "XML injection" issue.. EPSS estimates a 3.02% chance of exploitation in the next 30 days.
Description
The SmarterTools SmarterStats 6.0 web server does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error and daemon pause) via vectors involving (1) certain cookies in a SiteInfoLookup action to Admin/frmSites.aspx, or certain (2) cookies or (3) parameters to (a) Client/frmViewOverviewReport.aspx, (b) Client/frmViewReports.aspx, or (c) Services/SiteAdmin.asmx, as demonstrated by a ]]>> string, related to an "XML injection" issue.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Smartertools | Smarterstats | 6.0 |
References
- http://www.kb.cert.org/vuls/id/240150US Government Resource
- http://www.kb.cert.org/vuls/id/MORO-8GYQR4US Government Resource
- http://www.kb.cert.org/vuls/id/240150US Government Resource
- http://www.kb.cert.org/vuls/id/MORO-8GYQR4US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2011-2150?
How severe is CVE-2011-2150?
How do I fix CVE-2011-2150?
Are you affected by CVE-2011-2150?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST