ID CVE-2008-7311 Type cve Reporter NVD Modified 2012-04-12T00:00:00
Description
The session cookie store implementation in Spree 0.2.0 uses a hardcoded config.action_controller_session hash value (aka secret key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging an application that contains this value within the config/environment.rb file.
{"viewCount": 0, "lastseen": "2016-09-03T11:56:19", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "type": "cve", "description": "The session cookie store implementation in Spree 0.2.0 uses a hardcoded config.action_controller_session hash value (aka secret key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging an application that contains this value within the config/environment.rb file.", "assessment": {"name": "", "system": "", "href": ""}, "reporter": "NVD", "published": "2012-04-05T09:25:21", "history": [], "title": "CVE-2008-7311", "cpe": ["cpe:/a:spreecommerce:spree:0.2.0"], "bulletinFamily": "NVD", "edition": 1, "scanner": [], "id": "CVE-2008-7311", "cvelist": ["CVE-2008-7311"], "hash": "2ac53b918bcdafee24133635e148a7e6363f542c11c25ba48491c05626c3b5f9", "modified": "2012-04-12T00:00:00", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7311", "objectVersion": "1.2", "references": ["http://spreecommerce.com/blog/2008/08/12/security-vulernability-session-cookie-store/"], "enchantments": {"score": {"value": 5.0, "vector": "NONE", "modified": "2016-09-03T11:56:19"}, "dependencies": {"references": [], "modified": "2016-09-03T11:56:19"}, "vulnersScore": 5.0}}
