Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-2303

Overview

Vulnerability Score 7.8 7.8
CVE Id CVE-2002-2303
Last Modified 05 Sep 2008 04:32:52
Published 31 Dec 2002 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact COMPLETE COMPLETE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-2303

Summary

3D3.Com ShopFactory 5.8 uses client-side encryption and decryption for sensitive price data, which allows remote attackers to modify shopping cart prices by using the Javascript to decrypt the cookie that contains the data.

Vulnerable Systems

Application

  • 3d3.com Shopfactory 5.8


References

XF - shopfactory-price-modification(10746)

BID - 6296

BUGTRAQ - 20021202 ShopFactory shopping cart price manipulation

SREASON - 3263

BUGTRAQ - 20030305 shopfactory shopping cart


Last Updated: 27 May 2016 10:37:41