5
CVE-2008-7311
- EPSS 1.24%
- Veröffentlicht 05.04.2012 13:25:21
- Zuletzt bearbeitet 16.06.2026 23:04:02
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginThe session cookie store implementation in Spree 0.2.0 uses a hardcoded config.action_controller_session hash value (aka secret key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging an application that contains this value within the config/environment.rb file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Spreecommerce ≫ Spree Version0.2.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.24% | 0.654 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
http://spreecommerce.com/blog/2008/08/12/security-vulernability-session-cookie-store/
http://support.spreehq.org/issues/show/63