Missing HTTPOnly Flag in SmarterTools SmarterStats 6.0 Login Cookie
CVE-2011-2154 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
login.aspx in the SmarterTools SmarterStats 6.0 web server does not include the HTTPOnly flag in a Set-Cookie header for the loginsettings cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
Learn more about our Web App Pen Testing.