CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2008-7311

The session cookie store implementation in Spree 0.2.0 uses a hardcoded config.action_controller_session hash value (aka secret key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging an application that contains this value within the config/environment.rb file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 37.4%

CVSS Severity

CVSS v2 Score 5.0

References

http://spreecommerce.com/blog/2008/08/12/security-vulernability-session-cookie-store/
http://support.spreehq.org/issues/show/63
http://spreecommerce.com/blog/2008/08/12/security-vulernability-session-cookie-store/
http://support.spreehq.org/issues/show/63

Products affected by CVE-2008-7311

Spreecommerce » Spree » Version: 0.2.0

cpe:2.3:a:spreecommerce:spree:0.2.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-7311

Products

Pricing

Contact Us