{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-12-17T00:00:00", "descriptions": [{"lang": "en", "value": "Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, when the \"Log in new customers after checkout\" option is enabled, allows remote attackers to hijack web sessions by leveraging knowledge of the original session ID."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-04-29T12:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://drupal.org/node/2158651"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://drupal.org/node/2158567"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://drupal.org/node/2158565"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7302", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, when the \"Log in new customers after checkout\" option is enabled, allows remote attackers to hijack web sessions by leveraging knowledge of the original session ID."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://drupal.org/node/2158651", "refsource": "MISC", "url": "https://drupal.org/node/2158651"}, {"name": "https://drupal.org/node/2158567", "refsource": "CONFIRM", "url": "https://drupal.org/node/2158567"}, {"name": "https://drupal.org/node/2158565", "refsource": "CONFIRM", "url": "https://drupal.org/node/2158565"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:01:20.579Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://drupal.org/node/2158651"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://drupal.org/node/2158567"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://drupal.org/node/2158565"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-7302", "datePublished": "2014-04-29T14:00:00", "dateReserved": "2014-01-20T00:00:00", "dateUpdated": "2024-08-06T18:01:20.579Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:*:*:*:*:*:*:*", "matchCriteriaId": "EDF7E74D-91D0-49FF-A71A-63B20EFF0E1C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "B4C87025-FF3C-41B5-B52C-37F796F4973A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "C1C7385D-617D-4099-B5F3-09A0EDA14133", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "91D74566-3865-4F58-8509-0FA3A63E7D7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "2ED83941-C6B5-4771-8668-1B4DD2D889DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "4209AD2B-501C-43BC-AA05-88AF06B87EE5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "3A7D65E3-98AA-42E4-95B7-7E2505423484", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:dev:*:*:*:*:*:*", "matchCriteriaId": "B1EC6578-162C-4453-BBBD-71AF61E9B2C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "E1FD57E7-11AA-4143-A012-EC616241A190", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "440346E5-0B77-4F0E-99A7-B68B6B438DC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "75BA114E-DA1B-4EFE-B628-4F595AB3EFEB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "022F1C03-BDB5-457E-AD5B-3BC9B79FB82A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "C82D96AB-67DF-4002-9BE6-6D0D0BE4CE82", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "68A7835B-975C-400D-A24A-779A7C8FA8E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "B4FBEE67-FF86-4796-9A41-48FE1A84ADA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.1:*:*:*:*:*:*:*", "matchCriteriaId": "52ED25DF-7F6B-4725-B837-C544F5D7CF9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.2:*:*:*:*:*:*:*", "matchCriteriaId": "9BF3F0CC-434F-4BB5-A1E0-C8D9A840249B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.3:*:*:*:*:*:*:*", "matchCriteriaId": "38526BF4-4387-48DB-B297-6F723C2C16C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.4:*:*:*:*:*:*:*", "matchCriteriaId": "75364B1F-5D1E-4BE2-996D-262FBAE92142", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.6:*:*:*:*:*:*:*", "matchCriteriaId": "28718ABE-3284-4DD0-AC64-91EF9EBEE912", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.7:*:*:*:*:*:*:*", "matchCriteriaId": "190B6BCD-55BC-4C18-8554-75B1C857513E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.8:*:*:*:*:*:*:*", "matchCriteriaId": "AFB74115-1633-4A2C-94D0-1A85FE4A10B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.9:*:*:*:*:*:*:*", "matchCriteriaId": "CFE04BC5-0630-4919-B59A-0E3DD425E034", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.10:*:*:*:*:*:*:*", "matchCriteriaId": "E52D7FC2-5A12-4696-980A-4790BA34024B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.11:*:*:*:*:*:*:*", "matchCriteriaId": "5D826F3F-574F-4223-84FF-19FC2F746864", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.12:*:*:*:*:*:*:*", "matchCriteriaId": "8B158209-72C5-4171-A17E-F14D55418C3B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:*:*:*:*:*:*:*", "matchCriteriaId": "04BC3A61-E7DB-4DBC-94CC-9044924565D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "A6D24014-F825-48EF-B6F3-5833FE2A0B1D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "151306C9-2F74-40D2-91B4-83F1462C9C3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "876E0000-FB61-4772-B276-69EA82EBA6A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "74015B5D-E453-4929-AFE5-F796B3372996", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "74B174EB-05D1-49A0-932E-108D48A86123", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "7A3863C1-4C78-4E73-B7CF-B652BE6B6CCD", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "CBE8363A-30FB-412D-8EB0-B11EBE44746B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:dev:*:*:*:*:*:*", "matchCriteriaId": "32A8EFC1-A98A-400F-B500-A56DB9EEFC0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "6AED1B86-A20F-4C7E-A920-31553A4716EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "67F969B8-9FD7-4A58-826B-626598B4AE9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "85E02C58-8311-4441-B55C-2E5A41A63993", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "326F858F-B04E-44B2-B7F8-A011A8856AF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.1:*:*:*:*:*:*:*", "matchCriteriaId": "A86D61B8-A2BF-45C5-9CBB-DEF7A612E3B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.2:*:*:*:*:*:*:*", "matchCriteriaId": "A290F817-BAB5-466B-8131-6D3532BD5723", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.3:*:*:*:*:*:*:*", "matchCriteriaId": "8DE42D13-5230-4DCE-8483-6AEF849E54D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.4:*:*:*:*:*:*:*", "matchCriteriaId": "2B7BC082-E29C-49FA-BA15-7753D84D574B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.5:*:*:*:*:*:*:*", "matchCriteriaId": "8855848F-CBF8-4766-B220-8D3E031F2E33", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, when the \"Log in new customers after checkout\" option is enabled, allows remote attackers to hijack web sessions by leveraging knowledge of the original session ID."}, {"lang": "es", "value": "Vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en el m\u00f3dulo Ubercart 6.x-2.x anterior a 6.x-2.13 y 7.x-3.x anterior a 7.x-3.6 para Drupal, cuando la opci\u00f3n \"Registrar clientes nuevos despu\u00e9s de comprobaci\u00f3n\" est\u00e1 habilitada, permite a atacantes remotos secuestrar sesiones web mediante el aprovechamiento de conocimiento del identificador de sesi\u00f3n original."}], "id": "CVE-2013-7302", "lastModified": "2014-04-30T14:04:51.667", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-04-29T14:38:49.907", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://drupal.org/node/2158565"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://drupal.org/node/2158567"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://drupal.org/node/2158651"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}