Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2008-7311
Last Modified 12 Apr 2012 12:00:00
Published 05 Apr 2012 09:25:21
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-7311

Summary

The session cookie store implementation in Spree 0.2.0 uses a hardcoded config.action_controller.session hash value (aka secret key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging an application that contains this value within the config/environment.rb file.

Vulnerable Systems

Application

  • Spreecommerce Spree 0.2.0


References

CONFIRM - http://support.spreehq.org/issues/show/63

CONFIRM - http://spreecommerce.com/blog/2008/08/12/security-vulernability-session-cookie-store/


Last Updated: 27 May 2016 10:42:31