Security Advisory

CVE-2008-7311

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2012-04-04 22:00:00

Last updated 2024-09-17 00:06:53

Assigner mitre

State PUBLISHED

Description

The session cookie store implementation in Spree 0.2.0 uses a hardcoded config.action_controller_session hash value (aka secret key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging an application that contains this value within the config/environment.rb file.

← Browse all CVEs View on cve.org ↗