What is the severity of CVE-2013-7302?

CVE-2013-7302 is classified as a moderate severity vulnerability.

How do I fix CVE-2013-7302?

To fix CVE-2013-7302, update your Ubercart module to version 6.x-2.13 or 7.x-3.6 or later.

What is affected by CVE-2013-7302?

CVE-2013-7302 affects Ubercart versions 6.x-2.x prior to 6.x-2.13 and 7.x-3.x prior to 7.x-3.6.

Can CVE-2013-7302 lead to session hijacking?

Yes, CVE-2013-7302 allows attackers to hijack web sessions through session fixation.

What versions of Ubercart need attention for CVE-2013-7302?

Versions 6.x-2.0 to 6.x-2.12 and 7.x-3.0 to 7.x-3.5 of Ubercart are affected by CVE-2013-7302.

Vulnerability/
CVE-2013-7302

medium

6.8

CWE

287

29/4/2014

30/4/2014

CVE-2013-7302

First published: Tue Apr 29 2014(Updated: )

Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, when the "Log in new customers after checkout" option is enabled, allows remote attackers to hijack web sessions by leveraging knowledge of the original session ID.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Ubercart Ubercart	=6.x-2.0
Ubercart Ubercart	=6.x-2.0-beta1
Ubercart Ubercart	=6.x-2.0-beta2
Ubercart Ubercart	=6.x-2.0-beta3
Ubercart Ubercart	=6.x-2.0-beta4
Ubercart Ubercart	=6.x-2.0-beta5
Ubercart Ubercart	=6.x-2.0-beta6
Ubercart Ubercart	=6.x-2.0-dev
Ubercart Ubercart	=6.x-2.0-rc1
Ubercart Ubercart	=6.x-2.0-rc2
Ubercart Ubercart	=6.x-2.0-rc3
Ubercart Ubercart	=6.x-2.0-rc4
Ubercart Ubercart	=6.x-2.0-rc5
Ubercart Ubercart	=6.x-2.0-rc6
Ubercart Ubercart	=6.x-2.0-rc7
Ubercart Ubercart	=6.x-2.1
Ubercart Ubercart	=6.x-2.2
Ubercart Ubercart	=6.x-2.3
Ubercart Ubercart	=6.x-2.4
Ubercart Ubercart	=6.x-2.6
Ubercart Ubercart	=6.x-2.7
Ubercart Ubercart	=6.x-2.8
Ubercart Ubercart	=6.x-2.9
Ubercart Ubercart	=6.x-2.10
Ubercart Ubercart	=6.x-2.11
Ubercart Ubercart	=6.x-2.12
Ubercart Ubercart	=7.x-3.0
Ubercart Ubercart	=7.x-3.0-alpha1
Ubercart Ubercart	=7.x-3.0-alpha2
Ubercart Ubercart	=7.x-3.0-alpha3
Ubercart Ubercart	=7.x-3.0-beta1
Ubercart Ubercart	=7.x-3.0-beta2
Ubercart Ubercart	=7.x-3.0-beta3
Ubercart Ubercart	=7.x-3.0-beta4
Ubercart Ubercart	=7.x-3.0-dev
Ubercart Ubercart	=7.x-3.0-rc1
Ubercart Ubercart	=7.x-3.0-rc2
Ubercart Ubercart	=7.x-3.0-rc3
Ubercart Ubercart	=7.x-3.0-rc4
Ubercart Ubercart	=7.x-3.1
Ubercart Ubercart	=7.x-3.2
Ubercart Ubercart	=7.x-3.3
Ubercart Ubercart	=7.x-3.4
Ubercart Ubercart	=7.x-3.5
Drupal Drupal

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-7302?
CVE-2013-7302 is classified as a moderate severity vulnerability.
How do I fix CVE-2013-7302?
To fix CVE-2013-7302, update your Ubercart module to version 6.x-2.13 or 7.x-3.6 or later.
What is affected by CVE-2013-7302?
CVE-2013-7302 affects Ubercart versions 6.x-2.x prior to 6.x-2.13 and 7.x-3.x prior to 7.x-3.6.
Can CVE-2013-7302 lead to session hijacking?
Yes, CVE-2013-7302 allows attackers to hijack web sessions through session fixation.
What versions of Ubercart need attention for CVE-2013-7302?
Versions 6.x-2.0 to 6.x-2.12 and 7.x-3.0 to 7.x-3.5 of Ubercart are affected by CVE-2013-7302.

agent/author
agent/description
agent/event
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/type
agent/weakness
collector/nvd-index
vendor/ubercart
canonical/ubercart ubercart
version/ubercart ubercart/6.x-2.0
version/ubercart ubercart/6.x-2.0-beta1
version/ubercart ubercart/6.x-2.0-beta2
version/ubercart ubercart/6.x-2.0-beta3
version/ubercart ubercart/6.x-2.0-beta4
version/ubercart ubercart/6.x-2.0-beta5
version/ubercart ubercart/6.x-2.0-beta6
version/ubercart ubercart/6.x-2.0-dev
version/ubercart ubercart/6.x-2.0-rc1
version/ubercart ubercart/6.x-2.0-rc2
version/ubercart ubercart/6.x-2.0-rc3
version/ubercart ubercart/6.x-2.0-rc4
version/ubercart ubercart/6.x-2.0-rc5
version/ubercart ubercart/6.x-2.0-rc6
version/ubercart ubercart/6.x-2.0-rc7
version/ubercart ubercart/6.x-2.1
version/ubercart ubercart/6.x-2.2
version/ubercart ubercart/6.x-2.3
version/ubercart ubercart/6.x-2.4
version/ubercart ubercart/6.x-2.6
version/ubercart ubercart/6.x-2.7
version/ubercart ubercart/6.x-2.8
version/ubercart ubercart/6.x-2.9
version/ubercart ubercart/6.x-2.10
version/ubercart ubercart/6.x-2.11
version/ubercart ubercart/6.x-2.12
version/ubercart ubercart/7.x-3.0
version/ubercart ubercart/7.x-3.0-alpha1
version/ubercart ubercart/7.x-3.0-alpha2
version/ubercart ubercart/7.x-3.0-alpha3
version/ubercart ubercart/7.x-3.0-beta1
version/ubercart ubercart/7.x-3.0-beta2
version/ubercart ubercart/7.x-3.0-beta3
version/ubercart ubercart/7.x-3.0-beta4
version/ubercart ubercart/7.x-3.0-dev
version/ubercart ubercart/7.x-3.0-rc1
version/ubercart ubercart/7.x-3.0-rc2
version/ubercart ubercart/7.x-3.0-rc3
version/ubercart ubercart/7.x-3.0-rc4
version/ubercart ubercart/7.x-3.1
version/ubercart ubercart/7.x-3.2
version/ubercart ubercart/7.x-3.3
version/ubercart ubercart/7.x-3.4
version/ubercart ubercart/7.x-3.5
vendor/drupal
canonical/drupal drupal

CVE-2013-7302

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-7302?

How do I fix CVE-2013-7302?

What is affected by CVE-2013-7302?

Can CVE-2013-7302 lead to session hijacking?

What versions of Ubercart need attention for CVE-2013-7302?

Company

Resources

Contact