Vulnerability Description
Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, when the "Log in new customers after checkout" option is enabled, allows remote attackers to hijack web sessions by leveraging knowledge of the original session ID.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubercart | Ubercart | 6.x-2.0 |
| Drupal | Drupal | - |
Related Weaknesses (CWE)
References
- https://drupal.org/node/2158565Patch
- https://drupal.org/node/2158567Patch
- https://drupal.org/node/2158651PatchVendor Advisory
- https://drupal.org/node/2158565Patch
- https://drupal.org/node/2158567Patch
- https://drupal.org/node/2158651PatchVendor Advisory
FAQ
What is CVE-2013-7302?
CVE-2013-7302 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, when the "Log in new customers after checkout" option is enabled, allows remote att...
How severe is CVE-2013-7302?
CVE-2013-7302 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-7302?
Check the references section above for vendor advisories and patch information. Affected products include: Ubercart Ubercart, Drupal Drupal.