CVE-2014-2341 Detail

CVE-2014-2341

CVE Descriptions

Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter.

CVE Informations

Related Weaknesses

CWE-ID	Weakness Name	Source
CWE-287	Improper Authentication When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Metrics

Metrics	Score	Severity	CVSS Vector	Source
V2	6.8		AV:N/AC:M/Au:N/C:P/I:P/A:P	[email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

EPSS First.org

Exploit information

Exploit Database EDB-ID : 32830

Publication date : 2014-04-12 22h00 +00:00
Author : absane
EDB Verified : No

# Exploit Title: CubeCart 5.2.8 Session Fixation # Exploit Author: James Sibley (absane) # Blog: http://www.pentester.co # Download link: http://www.cubecart.com/download/5.2.8/zip # Discovery date: March 14th, 2014 # Vendor notified: March 15th, 2014 # Vendor fixed: April 10th, 2014 # Vendor ack: http://forums.cubecart.com/topic/48427-cubecart-529-relased/ # CVE assignment: CVE-2014-2341 CubeCart 5.2.8 is vulnerable to a session fixation vulnerability. The only protection offered is via the User-Agent header field, which can spoofed to match the victim. ======================= =Proof of Concept.....= ======================= *Set the User-Agent for both attacker and victim: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) *To attack a customer: Victim visits: http://[CubeCart Site]/index.php?PHPSESSID=1337 *To attack an administrator: Victim visits: http://[CubeCart Site]/admin.php?PHPSESSID=1337 When the victim logs in, the attacker can visit the same link (using the same User-Agent) and hijack the victim's session. ======================= =Cause................= ======================= The PHPSESSID parameter is not ignored and allows an attacker to specify their own session id. The code handling login procedures do not generate new sessions upon successful authentication. ======================= =Mitigation...........= ======================= Upgrade to CubeCart >= 5.2.9 If upgrading is not an option, here is a hackish workaround for the session fixation vulnerability: In admin.class.php add this at line 324: $GLOBALS['session']->restart(); In user.class.php add this at line 227: $GLOBALS['session']->restart();

Products Mentioned

Configuraton 0

Cubecart>>Cubecart >> Version To (including) 5.2.8

Cubecart>>Cubecart >> Version - (Open CPE detail)
Cubecart>>Cubecart >> Version 3.0.0 (Open CPE detail)
Cubecart>>Cubecart >> Version 3.0.1 (Open CPE detail)
Cubecart>>Cubecart >> Version 3.0.2 (Open CPE detail)
Cubecart>>Cubecart >> Version 3.0.3 (Open CPE detail)
Cubecart>>Cubecart >> Version 3.0.4 (Open CPE detail)
Cubecart>>Cubecart >> Version 3.0.5 (Open CPE detail)
Cubecart>>Cubecart >> Version 3.0.6 (Open CPE detail)
Cubecart>>Cubecart >> Version 3.0.7 (Open CPE detail)
Cubecart>>Cubecart >> Version 3.0.8 (Open CPE detail)
Cubecart>>Cubecart >> Version 3.0.9 (Open CPE detail)
Cubecart>>Cubecart >> Version 3.0.10 (Open CPE detail)
Cubecart>>Cubecart >> Version 3.0.11 (Open CPE detail)
Cubecart>>Cubecart >> Version 3.0.12 (Open CPE detail)
Cubecart>>Cubecart >> Version 3.0.13 (Open CPE detail)
Cubecart>>Cubecart >> Version 3.0.14 (Open CPE detail)
Cubecart>>Cubecart >> Version 3.0.15 (Open CPE detail)
Cubecart>>Cubecart >> Version 3.0.16 (Open CPE detail)
Cubecart>>Cubecart >> Version 3.0.17 (Open CPE detail)
Cubecart>>Cubecart >> Version 3.0.18 (Open CPE detail)
Cubecart>>Cubecart >> Version 3.0.19 (Open CPE detail)
Cubecart>>Cubecart >> Version 3.0.20 (Open CPE detail)
Cubecart>>Cubecart >> Version 3.0.21 (Open CPE detail)
Cubecart>>Cubecart >> Version 4.0.0 (Open CPE detail)
Cubecart>>Cubecart >> Version 4.0.0 (Open CPE detail)
Cubecart>>Cubecart >> Version 4.0.0 (Open CPE detail)
Cubecart>>Cubecart >> Version 4.0.0 (Open CPE detail)
Cubecart>>Cubecart >> Version 4.0.1 (Open CPE detail)
Cubecart>>Cubecart >> Version 4.0.2 (Open CPE detail)
Cubecart>>Cubecart >> Version 4.0.3 (Open CPE detail)
Cubecart>>Cubecart >> Version 4.1.0 (Open CPE detail)
Cubecart>>Cubecart >> Version 4.1.0 (Open CPE detail)
Cubecart>>Cubecart >> Version 4.1.0 (Open CPE detail)
Cubecart>>Cubecart >> Version 4.1.1 (Open CPE detail)
Cubecart>>Cubecart >> Version 4.2.0 (Open CPE detail)
Cubecart>>Cubecart >> Version 4.2.1 (Open CPE detail)
Cubecart>>Cubecart >> Version 4.2.2 (Open CPE detail)
Cubecart>>Cubecart >> Version 4.2.3 (Open CPE detail)
Cubecart>>Cubecart >> Version 4.3.0 (Open CPE detail)
Cubecart>>Cubecart >> Version 4.3.1 (Open CPE detail)
Cubecart>>Cubecart >> Version 4.3.2 (Open CPE detail)
Cubecart>>Cubecart >> Version 4.3.3 (Open CPE detail)
Cubecart>>Cubecart >> Version 4.3.4 (Open CPE detail)
Cubecart>>Cubecart >> Version 4.3.5 (Open CPE detail)
Cubecart>>Cubecart >> Version 4.3.6 (Open CPE detail)
Cubecart>>Cubecart >> Version 4.3.7 (Open CPE detail)
Cubecart>>Cubecart >> Version 4.3.8 (Open CPE detail)
Cubecart>>Cubecart >> Version 4.3.9 (Open CPE detail)
Cubecart>>Cubecart >> Version 4.4.3 (Open CPE detail)
Cubecart>>Cubecart >> Version 4.4.4 (Open CPE detail)
Cubecart>>Cubecart >> Version 4.4.5 (Open CPE detail)
Cubecart>>Cubecart >> Version 4.4.6 (Open CPE detail)
Cubecart>>Cubecart >> Version 4.4.7 (Open CPE detail)
Cubecart>>Cubecart >> Version 4.4.8 (Open CPE detail)
Cubecart>>Cubecart >> Version 5.0.0 (Open CPE detail)
Cubecart>>Cubecart >> Version 5.0.1 (Open CPE detail)
Cubecart>>Cubecart >> Version 5.0.2 (Open CPE detail)
Cubecart>>Cubecart >> Version 5.0.3 (Open CPE detail)
Cubecart>>Cubecart >> Version 5.0.4 (Open CPE detail)
Cubecart>>Cubecart >> Version 5.0.5 (Open CPE detail)
Cubecart>>Cubecart >> Version 5.0.6 (Open CPE detail)
Cubecart>>Cubecart >> Version 5.0.7 (Open CPE detail)
Cubecart>>Cubecart >> Version 5.0.8 (Open CPE detail)
Cubecart>>Cubecart >> Version 5.0.9 (Open CPE detail)
Cubecart>>Cubecart >> Version 5.1.0 (Open CPE detail)
Cubecart>>Cubecart >> Version 5.1.1 (Open CPE detail)
Cubecart>>Cubecart >> Version 5.1.2 (Open CPE detail)
Cubecart>>Cubecart >> Version 5.1.2.1 (Open CPE detail)
Cubecart>>Cubecart >> Version 5.1.2.2 (Open CPE detail)
Cubecart>>Cubecart >> Version 5.1.3 (Open CPE detail)
Cubecart>>Cubecart >> Version 5.1.4 (Open CPE detail)
Cubecart>>Cubecart >> Version 5.1.5 (Open CPE detail)
Cubecart>>Cubecart >> Version 5.2.0 (Open CPE detail)
Cubecart>>Cubecart >> Version 5.2.1 (Open CPE detail)
Cubecart>>Cubecart >> Version 5.2.2 (Open CPE detail)
Cubecart>>Cubecart >> Version 5.2.3 (Open CPE detail)
Cubecart>>Cubecart >> Version 5.2.4 (Open CPE detail)
Cubecart>>Cubecart >> Version 5.2.5 (Open CPE detail)
Cubecart>>Cubecart >> Version 5.2.6 (Open CPE detail)
Cubecart>>Cubecart >> Version 5.2.7 (Open CPE detail)
Cubecart>>Cubecart >> Version 5.2.8 (Open CPE detail)

Cubecart>>Cubecart >> Version 5.2.0

Cubecart>>Cubecart >> Version 5.2.0 (Open CPE detail)

Cubecart>>Cubecart >> Version 5.2.1

Cubecart>>Cubecart >> Version 5.2.1 (Open CPE detail)

Cubecart>>Cubecart >> Version 5.2.2

Cubecart>>Cubecart >> Version 5.2.2 (Open CPE detail)

Cubecart>>Cubecart >> Version 5.2.3

Cubecart>>Cubecart >> Version 5.2.3 (Open CPE detail)

Cubecart>>Cubecart >> Version 5.2.4

Cubecart>>Cubecart >> Version 5.2.4 (Open CPE detail)

Cubecart>>Cubecart >> Version 5.2.5

Cubecart>>Cubecart >> Version 5.2.5 (Open CPE detail)

Cubecart>>Cubecart >> Version 5.2.6

Cubecart>>Cubecart >> Version 5.2.6 (Open CPE detail)

Cubecart>>Cubecart >> Version 5.2.7

Cubecart>>Cubecart >> Version 5.2.7 (Open CPE detail)

References

http://secunia.com/advisories/57856
Tags : third-party-advisory, x_refsource_SECUNIA

http://www.securityfocus.com/bid/66805
Tags : vdb-entry, x_refsource_BID

http://forums.cubecart.com/topic/48427-cubecart-529-relased/
Tags : x_refsource_CONFIRM

http://www.osvdb.org/105784
Tags : vdb-entry, x_refsource_OSVDB

http://www.securitytracker.com/id/1030086
Tags : vdb-entry, x_refsource_SECTRACK

http://www.exploit-db.com/exploits/32830
Tags : exploit, x_refsource_EXPLOIT-DB

https://exchange.xforce.ibmcloud.com/vulnerabilities/92526
Tags : vdb-entry, x_refsource_XF

CVE-2014-2341 : Detail