CVE-2007-3597

Published: Jul 6, 2007Modified: Apr 23, 2026

8.5

Vector

AV:N/AC:M/Au:S/C:C/I:C/A:C

Exploitability: 6.8 / Impact: 10.0

Source: NVD

Description

Session fixation vulnerability in Zen Cart 1.3.7 and earlier allows remote attackers to hijack web sessions by setting the Cookie parameter.

Affected (1)

Products: Zen Cart: Zen Cart

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Zen Cart Zen Cart	Up to 1.3.7

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (12)

http://osvdb.org/37836

Source: cve@mitre.org

http://secunia.com/advisories/25942

Source: cve@mitre.org

PatchVendor Advisory

http://securityreason.com/securityalert/2866

Source: cve@mitre.org

http://sourceforge.net/project/shownotes.php?release_id=474574&group_id=83781

Source: cve@mitre.org

http://superb-east.dl.sourceforge.net/sourceforge/zencart/zen-cart-v1.3.7-admin-patch.zip

Source: cve@mitre.org

Patch

http://www.securityfocus.com/archive/1/472875/100/0/threaded

Source: cve@mitre.org

http://osvdb.org/37836

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/25942

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://securityreason.com/securityalert/2866

Source: af854a3a-2127-422b-91ae-364da2661108

http://sourceforge.net/project/shownotes.php?release_id=474574&group_id=83781

Source: af854a3a-2127-422b-91ae-364da2661108

http://superb-east.dl.sourceforge.net/sourceforge/zencart/zen-cart-v1.3.7-admin-patch.zip

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.securityfocus.com/archive/1/472875/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.