CVE-2011-4751: Infoleak
First published: Fri Dec 16 2011(Updated: )
SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SmarterTools SmarterStats | =6.2.4100 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2011-4751?
CVE-2011-4751 has a medium severity due to its potential for exposing sensitive information through web server logs.
How do I fix CVE-2011-4751?
To fix CVE-2011-4751, upgrade SmarterTools SmarterStats to a version later than 6.2.4100 that addresses this vulnerability.
What are the potential impacts of CVE-2011-4751?
The potential impacts of CVE-2011-4751 include unauthorized access to sensitive information through web server log exposure.
Who is affected by CVE-2011-4751?
CVE-2011-4751 affects users of SmarterTools SmarterStats version 6.2.4100.
What types of attacks can exploit CVE-2011-4751?
CVE-2011-4751 can be exploited through information disclosure attacks that leverage external links in GET requests.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/smartertools
- canonical/smartertools smarterstats
- version/smartertools smarterstats/6.2.4100