{"vuid":"VU#240150","idnumber":"240150","name":"SmarterTools default basic web server vulnerabilities","keywords":["SmarterTools","SmarterMail","SmarterStats","XML"],"overview":"Multiple SmarterTools applications install a default basic web server which contains multiple vulnerabilities","clean_desc":"Multiple SmarterTools applications by default install a basic web server which allows administrators to start using the application immediately after installation. This basic web server is vulnerable to multiple vulnerabilites. According to the vulnerability reporter this basic web server is vulnerable to XML injection, operating system command execution, LDAP injection, directory path traversal, and denial of service.","impact":"An attacker with network access to the SmarterTools application basic web server may be able to run system commands, inject arbitrary data, or download arbitrary files.","resolution":"The vendor recommends that users do not use the included web server in a production environment. They advise users to use Microsoft Internet Information Services instead. Instructions for configuring the SmarterTools suite of applications to use Microsoft Internet Information Services can be found on SmarterTools knowledge base.","workarounds":"","sysaffected":"","thanks":"Thanks to David Hoyt of Hoyt LLC Research for reporting these vulnerabilities.","author":"This document was written by Michael Orlando.","public":["http://xss.cx/examples/smarterstats-60-oscommandinjection-directorytraversal-xml-sqlinjection.html.html","http://portal.smartertools.com/KB/a1485/set-up-smartermail-as-a-site-in-iis-70.aspx","http://portal.smartertools.com/KB/a1484/set-up-smartermail-as-an-iis-site-iis-60.aspx","http://portal.smartertools.com/KB/search.aspx"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2011-04-29T13:17:14Z","publicdate":"2011-05-18T00:00:00Z","datefirstpublished":"2011-05-18T19:18:59Z","dateupdated":"2011-05-18T19:24:33Z","revision":11,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.0,"vulnote":null}