CVE-2011-2154

Severity CVSS v4.0:
Pending analysis
Type:
CWE-200 Information Leak / Disclosure
Publication date:
20/05/2011
Last modified:
11/04/2025

Description

login.aspx in the SmarterTools SmarterStats 6.0 web server does not include the HTTPOnly flag in a Set-Cookie header for the loginsettings cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:smartertools:smarterstats:6.0:*:*:*:*:*:*:*