CVE-2012-2731
Published Jun 27, 2012
Last updated 7 years ago
Overview
- Description
- The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the PHP session id in the JavaScript settings array in page loads, which might allow remote attackers to obtain sensitive information by sniffing or reading the cache of the HTML of a webpage.
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 2.6
- Impact score
- 2.9
- Exploitability score
- 4.9
- Vector string
- AV:N/AC:H/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-200
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "819371CE-52A1-4E45-9C01-3CB54A2D71C1" }, { "criteria": "cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:alpha6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7D584A5-A7E9-4819-8390-890EC05CE18D" }, { "criteria": "cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:alpha7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12B43676-47B8-40FD-A203-3958BF1767DD" }, { "criteria": "cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:alpha8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCE3116C-C1C3-4D23-9070-0119B416E00B" }, { "criteria": "cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C297714-7DBA-424A-A26F-9E71DAE5CACC" }, { "criteria": "cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:beta10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7EA85D7-CD67-4E94-AAF7-F518BED6A136" }, { "criteria": "cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:beta11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E57E698-06D9-43AB-83F7-9C4F3F19F8B0" }, { "criteria": "cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A830D71-E4DD-467C-9A67-19CBBD961573" }, { "criteria": "cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:beta3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6555D335-0B6A-4CFC-89F7-90161460E995" }, { "criteria": "cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:beta4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC0A82EB-A0CA-43E2-A3C5-30853CEBE105" }, { "criteria": "cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:beta5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "309E9F5C-35E1-4D30-ABD3-183D4D349924" }, { "criteria": "cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:beta6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94CCC105-E0FD-4D17-B53C-C2E40FC10E29" }, { "criteria": "cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:beta7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33A04164-E531-49DD-BA0A-D8881E2C144D" }, { "criteria": "cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:beta8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "496D57BC-235E-4BE1-92D8-F407155C83BF" }, { "criteria": "cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:beta9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC710CC6-26BD-417D-BE77-D0CBB791C6F4" }, { "criteria": "cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64D26BF9-1788-4E75-992C-0EF5C38B7929" }, { "criteria": "cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF5B7207-BCEB-4ECA-9AA5-01B1341E62A2" }, { "criteria": "cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2DB07DE-149B-4EA2-A379-563210FF9614" }, { "criteria": "cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5884BEE5-330B-4487-8D94-D8E11442D4E6" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF" } ], "operator": "OR" } ], "operator": "AND" } ]