CVE-2012-2731
low
CVSS v3
—
CVSS v2
2.6
VIR risk
2.6
Description
The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the PHP session id in the JavaScript settings array in page loads, which might allow remote attackers to obtain sensitive information by sniffing or reading the cache of the HTML of a webpage.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secalert@redhat.com — http://drupal.org/node/1633048
Vendor advisory: secalert@redhat.com — http://drupal.org/node/1619586
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| richardo_ante | ubercart_ajax_cart | 6.x-2.0 | |
| drupal | drupal | - | |
References
- http://drupal.org/node/1619586
- http://drupal.org/node/1633048
- http://drupalcode.org/project/uc_ajax_cart.git/commitdiff/b59cdd5
- http://www.openwall.com/lists/oss-security/2012/06/14/3
- http://www.securityfocus.com/bid/53999
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76332
CWEs
CWE-200