Cross-Domain Referer Leakage in SmarterTools SmarterStats 6.2.4100

Cross-Domain Referer Leakage in SmarterTools SmarterStats 6.2.4100

CVE-2011-4751 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue.

Learn more about our Web App Pen Testing.