Vulnerability Details : CVE-2012-2731
The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the PHP session id in the JavaScript settings array in page loads, which might allow remote attackers to obtain sensitive information by sniffing or reading the cache of the HTML of a webpage.
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2012-2731
Probability of exploitation activity in the next 30 days: 0.56%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 75 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2012-2731
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
2.6
|
LOW | AV:N/AC:H/Au:N/C:P/I:N/A:N |
4.9
|
2.9
|
NIST |
CWE ids for CVE-2012-2731
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-2731
-
http://drupal.org/node/1619586
uc_ajax_cart 6.x-2.1 | Drupal.orgPatch
-
http://www.openwall.com/lists/oss-security/2012/06/14/3
oss-security - Re: CVE Request for Drupal contributed modules
-
http://www.securityfocus.com/bid/53999
Drupal Ubercart AJAX Cart Module Information Disclosure Vulnerability
-
http://drupal.org/node/1633048
Access to this page has been denied.Patch;Vendor Advisory
-
http://drupalcode.org/project/uc_ajax_cart.git/commitdiff/b59cdd5
Access to this page has been denied.Exploit
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/76332
Ubercart AJAX Cart for Drupal information disclosure CVE-2012-2731 Vulnerability Report
Products affected by CVE-2012-2731
- cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:alpha7:*:*:*:*:*:*
- cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:alpha8:*:*:*:*:*:*
- cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:alpha6:*:*:*:*:*:*
- cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:beta6:*:*:*:*:*:*
- cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:beta9:*:*:*:*:*:*
- cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:beta10:*:*:*:*:*:*
- cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:beta7:*:*:*:*:*:*
- cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:beta8:*:*:*:*:*:*
- cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:*:*:*:*:*:*:*
- cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:beta11:*:*:*:*:*:*
- cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:rc1:*:*:*:*:*:*