Missing HTTPOnly Flag in SmarterTools SmarterStats 6.0 Login Cookie

Missing HTTPOnly Flag in SmarterTools SmarterStats 6.0 Login Cookie

CVE-2011-2154 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

login.aspx in the SmarterTools SmarterStats 6.0 web server does not include the HTTPOnly flag in a Set-Cookie header for the loginsettings cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

Learn more about our Web App Pen Testing.