Vulnerability Details CVE-2012-2731
The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the PHP session id in the JavaScript settings array in page loads, which might allow remote attackers to obtain sensitive information by sniffing or reading the cache of the HTML of a webpage.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.3%
CVSS Severity
CVSS v2 Score 2.6
References
- http://drupal.org/node/1619586
- http://drupal.org/node/1633048
- http://drupalcode.org/project/uc_ajax_cart.git/commitdiff/b59cdd5
- http://www.openwall.com/lists/oss-security/2012/06/14/3
- http://www.securityfocus.com/bid/53999
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76332
- http://drupal.org/node/1619586
- http://drupal.org/node/1633048
- http://drupalcode.org/project/uc_ajax_cart.git/commitdiff/b59cdd5
- http://www.openwall.com/lists/oss-security/2012/06/14/3
- http://www.securityfocus.com/bid/53999
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76332
Products affected by CVE-2012-2731
-
cpe:2.3:a:drupal:drupal:-
-
cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0