CVE-2012-2731

{"id": "CVE-2012-2731", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-06-27T00:55:05.520", "references": [{"url": "http://drupal.org/node/1619586", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://drupal.org/node/1633048", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://drupalcode.org/project/uc_ajax_cart.git/commitdiff/b59cdd5", "tags": ["Exploit"], "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/53999", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76332", "source": "secalert@redhat.com"}, {"url": "http://drupal.org/node/1619586", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://drupal.org/node/1633048", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://drupalcode.org/project/uc_ajax_cart.git/commitdiff/b59cdd5", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/53999", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76332", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the PHP session id in the JavaScript settings array in page loads, which might allow remote attackers to obtain sensitive information by sniffing or reading the cache of the HTML of a webpage."}, {"lang": "es", "value": "Ubercart AJAX Cart v6.x-2.x anterior a v6.x-2.1 para Drupal almacena la id de la sesi\u00f3n en la tabla de configuraci\u00f3n de p\u00e1ginas cargadas, lo que podr\u00eda permitir a atacantes remotos obtener informaci\u00f3n sensible espiando o leyendo la cach\u00e9 del HTML de una p\u00e1gina Web."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "819371CE-52A1-4E45-9C01-3CB54A2D71C1"}, {"criteria": "cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:alpha6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7D584A5-A7E9-4819-8390-890EC05CE18D"}, {"criteria": "cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:alpha7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12B43676-47B8-40FD-A203-3958BF1767DD"}, {"criteria": "cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:alpha8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCE3116C-C1C3-4D23-9070-0119B416E00B"}, {"criteria": "cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C297714-7DBA-424A-A26F-9E71DAE5CACC"}, {"criteria": "cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:beta10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7EA85D7-CD67-4E94-AAF7-F518BED6A136"}, {"criteria": "cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:beta11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E57E698-06D9-43AB-83F7-9C4F3F19F8B0"}, {"criteria": "cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A830D71-E4DD-467C-9A67-19CBBD961573"}, {"criteria": "cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:beta3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6555D335-0B6A-4CFC-89F7-90161460E995"}, {"criteria": "cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:beta4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC0A82EB-A0CA-43E2-A3C5-30853CEBE105"}, {"criteria": "cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:beta5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "309E9F5C-35E1-4D30-ABD3-183D4D349924"}, {"criteria": "cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:beta6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94CCC105-E0FD-4D17-B53C-C2E40FC10E29"}, {"criteria": "cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:beta7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33A04164-E531-49DD-BA0A-D8881E2C144D"}, {"criteria": "cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:beta8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "496D57BC-235E-4BE1-92D8-F407155C83BF"}, {"criteria": "cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:beta9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC710CC6-26BD-417D-BE77-D0CBB791C6F4"}, {"criteria": "cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64D26BF9-1788-4E75-992C-0EF5C38B7929"}, {"criteria": "cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF5B7207-BCEB-4ECA-9AA5-01B1341E62A2"}, {"criteria": "cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2DB07DE-149B-4EA2-A379-563210FF9614"}, {"criteria": "cpe:2.3:a:richardo_ante:ubercart_ajax_cart:6.x-2.0:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5884BEE5-330B-4487-8D94-D8E11442D4E6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secalert@redhat.com"}