fkie_nvd - fkie_cve-2013-7302

fkie_cve-2013-7302

Vulnerability from fkie_nvd

Published

2014-04-29 14:38

Modified

2025-04-12 10:46

Severity ?

Summary

Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, when the "Log in new customers after checkout" option is enabled, allows remote attackers to hijack web sessions by leveraging knowledge of the original session ID.

References

URL	Tags
cve@mitre.org	https://drupal.org/node/2158565	Patch
cve@mitre.org	https://drupal.org/node/2158567	Patch
cve@mitre.org	https://drupal.org/node/2158651	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://drupal.org/node/2158565	Patch
af854a3a-2127-422b-91ae-364da2661108	https://drupal.org/node/2158567	Patch
af854a3a-2127-422b-91ae-364da2661108	https://drupal.org/node/2158651	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
ubercart	ubercart	6.x-2.0
ubercart	ubercart	6.x-2.0
ubercart	ubercart	6.x-2.0
ubercart	ubercart	6.x-2.0
ubercart	ubercart	6.x-2.0
ubercart	ubercart	6.x-2.0
ubercart	ubercart	6.x-2.0
ubercart	ubercart	6.x-2.0
ubercart	ubercart	6.x-2.0
ubercart	ubercart	6.x-2.0
ubercart	ubercart	6.x-2.0
ubercart	ubercart	6.x-2.0
ubercart	ubercart	6.x-2.0
ubercart	ubercart	6.x-2.0
ubercart	ubercart	6.x-2.0
ubercart	ubercart	6.x-2.1
ubercart	ubercart	6.x-2.2
ubercart	ubercart	6.x-2.3
ubercart	ubercart	6.x-2.4
ubercart	ubercart	6.x-2.6
ubercart	ubercart	6.x-2.7
ubercart	ubercart	6.x-2.8
ubercart	ubercart	6.x-2.9
ubercart	ubercart	6.x-2.10
ubercart	ubercart	6.x-2.11
ubercart	ubercart	6.x-2.12
ubercart	ubercart	7.x-3.0
ubercart	ubercart	7.x-3.0
ubercart	ubercart	7.x-3.0
ubercart	ubercart	7.x-3.0
ubercart	ubercart	7.x-3.0
ubercart	ubercart	7.x-3.0
ubercart	ubercart	7.x-3.0
ubercart	ubercart	7.x-3.0
ubercart	ubercart	7.x-3.0
ubercart	ubercart	7.x-3.0
ubercart	ubercart	7.x-3.0
ubercart	ubercart	7.x-3.0
ubercart	ubercart	7.x-3.0
ubercart	ubercart	7.x-3.1
ubercart	ubercart	7.x-3.2
ubercart	ubercart	7.x-3.3
ubercart	ubercart	7.x-3.4
ubercart	ubercart	7.x-3.5
drupal	drupal	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDF7E74D-91D0-49FF-A71A-63B20EFF0E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "B4C87025-FF3C-41B5-B52C-37F796F4973A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "C1C7385D-617D-4099-B5F3-09A0EDA14133",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "91D74566-3865-4F58-8509-0FA3A63E7D7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "2ED83941-C6B5-4771-8668-1B4DD2D889DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "4209AD2B-501C-43BC-AA05-88AF06B87EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "3A7D65E3-98AA-42E4-95B7-7E2505423484",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:dev:*:*:*:*:*:*",
              "matchCriteriaId": "B1EC6578-162C-4453-BBBD-71AF61E9B2C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E1FD57E7-11AA-4143-A012-EC616241A190",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "440346E5-0B77-4F0E-99A7-B68B6B438DC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "75BA114E-DA1B-4EFE-B628-4F595AB3EFEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "022F1C03-BDB5-457E-AD5B-3BC9B79FB82A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "C82D96AB-67DF-4002-9BE6-6D0D0BE4CE82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "68A7835B-975C-400D-A24A-779A7C8FA8E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc7:*:*:*:*:*:*",
              "matchCriteriaId": "B4FBEE67-FF86-4796-9A41-48FE1A84ADA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "52ED25DF-7F6B-4725-B837-C544F5D7CF9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BF3F0CC-434F-4BB5-A1E0-C8D9A840249B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "38526BF4-4387-48DB-B297-6F723C2C16C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75364B1F-5D1E-4BE2-996D-262FBAE92142",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "28718ABE-3284-4DD0-AC64-91EF9EBEE912",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "190B6BCD-55BC-4C18-8554-75B1C857513E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFB74115-1633-4A2C-94D0-1A85FE4A10B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFE04BC5-0630-4919-B59A-0E3DD425E034",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52D7FC2-5A12-4696-980A-4790BA34024B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D826F3F-574F-4223-84FF-19FC2F746864",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B158209-72C5-4171-A17E-F14D55418C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "04BC3A61-E7DB-4DBC-94CC-9044924565D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "A6D24014-F825-48EF-B6F3-5833FE2A0B1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "151306C9-2F74-40D2-91B4-83F1462C9C3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "876E0000-FB61-4772-B276-69EA82EBA6A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "74015B5D-E453-4929-AFE5-F796B3372996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "74B174EB-05D1-49A0-932E-108D48A86123",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "7A3863C1-4C78-4E73-B7CF-B652BE6B6CCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "CBE8363A-30FB-412D-8EB0-B11EBE44746B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:dev:*:*:*:*:*:*",
              "matchCriteriaId": "32A8EFC1-A98A-400F-B500-A56DB9EEFC0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6AED1B86-A20F-4C7E-A920-31553A4716EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "67F969B8-9FD7-4A58-826B-626598B4AE9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "85E02C58-8311-4441-B55C-2E5A41A63993",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "326F858F-B04E-44B2-B7F8-A011A8856AF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A86D61B8-A2BF-45C5-9CBB-DEF7A612E3B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A290F817-BAB5-466B-8131-6D3532BD5723",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DE42D13-5230-4DCE-8483-6AEF849E54D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B7BC082-E29C-49FA-BA15-7753D84D574B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8855848F-CBF8-4766-B220-8D3E031F2E33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, when the \"Log in new customers after checkout\" option is enabled, allows remote attackers to hijack web sessions by leveraging knowledge of the original session ID."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en el m\u00f3dulo Ubercart 6.x-2.x anterior a 6.x-2.13 y 7.x-3.x anterior a 7.x-3.6 para Drupal, cuando la opci\u00f3n \"Registrar clientes nuevos despu\u00e9s de comprobaci\u00f3n\" est\u00e1 habilitada, permite a atacantes remotos secuestrar sesiones web mediante el aprovechamiento de conocimiento del identificador de sesi\u00f3n original."
    }
  ],
  "id": "CVE-2013-7302",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-04-29T14:38:49.907",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://drupal.org/node/2158565"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://drupal.org/node/2158567"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://drupal.org/node/2158651"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://drupal.org/node/2158565"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://drupal.org/node/2158567"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://drupal.org/node/2158651"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2013-7302 (GCVE-0-2013-7302)

Vulnerability from cvelistv5

Published

2014-04-29 14:00