CVE-2011-2155

{"id": "CVE-2011-2155", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-05-20T22:55:05.783", "references": [{"url": "http://www.kb.cert.org/vuls/id/240150", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/MORO-8GYQR4", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html", "source": "cve@mitre.org"}, {"url": "http://xss.cx/examples/smarterstats-60-oscommandinjection-directorytraversal-xml-sqlinjection.html.html", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67827", "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/240150", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/MORO-8GYQR4", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://xss.cx/examples/smarterstats-60-oscommandinjection-directorytraversal-xml-sqlinjection.html.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67827", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "Login.aspx in the SmarterTools SmarterStats 6.0 web server generates a ctl00$MPH$txtPassword password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation."}, {"lang": "es", "value": "Login.aspx en el servidor we SmarterTools SmarterStats v6.0 genera un campo de contrase\u00f1actl00$MPH$txtPassword sin desactivar la funci\u00f3n de autocompletar, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos evitar la autenticaci\u00f3n mediante el aprovechamiento de una estaci\u00f3n de trabajo sin vigilancia."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:smartertools:smarterstats:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D2ADA66-6F92-44B9-BAFF-8684ADBF8E4F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}