← voltar
CVE-2008-7311

CVE-2008-7311

EPSS 1.2%
The session cookie store implementation in Spree 0.2.0 uses a hardcoded config.action_controller_session hash value (aka secret key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging an application that contains this value within the config/environment.rb file.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://spreecommerce.com/blog/2008/08/12/security-vulernability-session-cookie-store/http://support.spreehq.org/issues/show/63