CVE-2012-2731

EUVD-2012-2711
The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the PHP session id in the JavaScript settings array in page loads, which might allow remote attackers to obtain sensitive information by sniffing or reading the cache of the HTML of a webpage.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.6 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
Affected Products (NVD)
VendorProductVersion
richardo_anteubercart_ajax_cart
6.x-2.0:x
richardo_anteubercart_ajax_cart
6.x-2.0:x
richardo_anteubercart_ajax_cart
6.x-2.0:x
richardo_anteubercart_ajax_cart
6.x-2.0:x
richardo_anteubercart_ajax_cart
6.x-2.0:x
richardo_anteubercart_ajax_cart
6.x-2.0:x
richardo_anteubercart_ajax_cart
6.x-2.0:x
richardo_anteubercart_ajax_cart
6.x-2.0:x
richardo_anteubercart_ajax_cart
6.x-2.0:x
richardo_anteubercart_ajax_cart
6.x-2.0:x
richardo_anteubercart_ajax_cart
6.x-2.0:x
richardo_anteubercart_ajax_cart
6.x-2.0:x
richardo_anteubercart_ajax_cart
6.x-2.0:x
richardo_anteubercart_ajax_cart
6.x-2.0:x
richardo_anteubercart_ajax_cart
6.x-2.0:x
richardo_anteubercart_ajax_cart
6.x-2.0:x
richardo_anteubercart_ajax_cart
6.x-2.0:x
richardo_anteubercart_ajax_cart
6.x-2.0:x
richardo_anteubercart_ajax_cart
6.x-2.0:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://drupal.org/node/1619586
http://drupal.org/node/1633048
http://drupalcode.org/project/uc_ajax_cart.git/commitdiff/b59cdd5
http://www.openwall.com/lists/oss-security/2012/06/14/3
http://www.securityfocus.com/bid/53999
https://exchange.xforce.ibmcloud.com/vulnerabilities/76332
http://drupal.org/node/1619586
http://drupal.org/node/1633048
http://drupalcode.org/project/uc_ajax_cart.git/commitdiff/b59cdd5
http://www.openwall.com/lists/oss-security/2012/06/14/3
http://www.securityfocus.com/bid/53999
https://exchange.xforce.ibmcloud.com/vulnerabilities/76332