Lucene search
RubySecRUBY:SPREE-2008-7311-81506HistoryAug 11, 2008 - 8:00 p.m.
Spree Hardcoded config.action_controller_session Hash Value Cryptographic Protection Weakness
2008-08-1120:00:00
RubySec
spreecommerce.com
5
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS
0.001
Percentile
51.5%
Spree contains a hardcoded flaw related to the
config.action_controller_session hash value. This may allow an attacker to
more easily bypass cryptographic protection.
Affected configurations
Node
rubyspreeRange≤0.3.0
Related
osv
osv
Spree uses a hardcoded hash value
2022-05-17 05:30:58
nvd
nvd
CVE-2008-7311
2012-04-05 13:25:21
github
github
Spree uses a hardcoded hash value
2022-05-17 05:30:58
prion
prion
Hardcoded credentials
2012-04-05 13:25:00
cve
cve
CVE-2008-7311
2012-04-05 13:25:21
cvelist
cvelist
CVE-2008-7311
2012-04-04 22:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS
0.001
Percentile
51.5%
Related for RUBY:SPREE-2008-7311-81506