CVE-2008-7311
N/A
N/A
Summary
The session cookie store implementation in Spree 0.2.0 uses a hardcoded config.action_controller_session hash value (aka secret key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging an application that contains this value within the config/environment.rb file.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://support.spreehq.org/issues/show/63
- http://spreecommerce.com/blog/2008/08/12/security-vulernability-session-cookie-store/
References
- http://support.spreehq.org/issues/show/63
- http://spreecommerce.com/blog/2008/08/12/security-vulernability-session-cookie-store/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.