← voltar
CVE-2012-2731

CVE-2012-2731

EPSS 2.2%
The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the PHP session id in the JavaScript settings array in page loads, which might allow remote attackers to obtain sensitive information by sniffing or reading the cache of the HTML of a webpage.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://drupalcode.org/project/uc_ajax_cart.git/commitdiff/b59cdd5http://drupal.org/node/1619586http://drupal.org/node/1633048https://exchange.xforce.ibmcloud.com/vulnerabilities/76332http://www.openwall.com/lists/oss-security/2012/06/14/3http://www.securityfocus.com/bid/53999