Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2341

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2014-2341
Last Modified 22 Apr 2014 01:04:20
Published 22 Apr 2014 09:06:29
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-2341

Summary

Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter.

Vulnerable Systems

Application

  • Cubecart 5.2.0

  • Cubecart 5.2.1

  • Cubecart 5.2.2

  • Cubecart 5.2.3

  • Cubecart 5.2.4

  • Cubecart 5.2.5

  • Cubecart 5.2.6

  • Cubecart 5.2.7

  • Cubecart 5.2.8


References

XF - cubecart-cve20142341-session-hijacking(92526)

SECTRACK - 1030086

BID - 66805

OSVDB - 105784

EXPLOIT-DB - 32830

SECUNIA - 57856

CONFIRM - http://forums.cubecart.com/topic/48427-cubecart-529-relased/


Last Updated: 27 May 2016 11:05:02