Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2731

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2012-2731
Last Modified 27 Jun 2012 12:00:00
Published 26 Jun 2012 08:55:05
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2012-2731

Summary

The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the PHP session id in the JavaScript settings array in page loads, which might allow remote attackers to obtain sensitive information by sniffing or reading the cache of the HTML of a webpage.

Vulnerable Systems

Application

  • Richardo Ante Ubercart Ajax Cart 6.x-2.0


References

XF - uberart-ajax-info-disc(76332)

BID - 53999

MLIST - [oss-security] 20120613 Re: CVE Request for Drupal contributed modules

CONFIRM - http://drupalcode.org/project/uc_ajax_cart.git/commitdiff/b59cdd5

MISC - http://drupal.org/node/1633048

CONFIRM - http://drupal.org/node/1619586


Last Updated: 27 May 2016 10:56:36