CVE-2012-2731
N/A
N/A
Summary
The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the PHP session id in the JavaScript settings array in page loads, which might allow remote attackers to obtain sensitive information by sniffing or reading the cache of the HTML of a webpage.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://drupalcode.org/project/uc_ajax_cart.git/commitdiff/b59cdd5
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76332
- http://www.securityfocus.com/bid/53999
- http://drupal.org/node/1633048
- http://www.openwall.com/lists/oss-security/2012/06/14/3
- http://drupal.org/node/1619586
References
- http://drupalcode.org/project/uc_ajax_cart.git/commitdiff/b59cdd5
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76332
- http://www.securityfocus.com/bid/53999
- http://drupal.org/node/1633048
- http://www.openwall.com/lists/oss-security/2012/06/14/3
- http://drupal.org/node/1619586
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.