SECURITYVULNS:DOC:31211
Oct 14, 2014 - 12:00 a.m.

CVE-2014-5516 CSRF protection bypass in "KonaKart" Java eCommerce product

CVE-2014-5516

"Cross-Site Request Forgery (CSRF) protection bypass" (CWE-352) vulnerability
in "KonaKart Storefront Application" Enterprise Java eCommerce product

Vendor

DS Data Systems (UK) Ltd.

Product

"KonaKart is an affordable java based shopping cart software solution for online retailers.
Let KonaKart help increase your eCommerce sales."

"KonaKart is a Java eCommerce system aimed at medium to large online retailers."

Affected versions

This vulnerability affects versions of KonaKart Storefront Application prior to 7.3.0.0

Patch

The vendor has released an XSRF fix as part of version 7.3.0.0 at
http://www.konakart.com/downloads/ver-7-3-0-0-whats-new

Reported by

This issue was reported to the vendor by Christian Schneider (@cschneider4711)
following a responsible disclosure process.

Severity

Medium

Description

The existing CSRF protection token was properly checked for every POST
request. When the request method was changed from POST to GET, all
state-changing actions still worked, but the CSRF token check was no
longer enforced, allowing CSRF attacks.
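
The flaw described above, shown next to a check that does not depend on the HTTP method. This is an added Java example, not KonaKart's code or the vendor's fix; the Request record, the action names and the token values are hypothetical and constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Set;

// Added illustration, not KonaKart code. All names and values below are hypothetical.
public class CsrfMethodCheck {
    // Constructed request model: HTTP method, action name, token stored in the
    // session, and token sent by the client (null when absent).
    record Request(String method, String action, String sessionToken, String sentToken) {}

    // Hypothetical set of actions that change server-side state.
    static final Set<String> STATE_CHANGING = Set.of("changeEmail", "changePassword");

    static boolean tokenMatches(Request r) {
        if (r.sessionToken() == null || r.sentToken() == null) return false;
        // MessageDigest.isEqual compares the token bytes in constant time.
        return MessageDigest.isEqual(
            r.sessionToken().getBytes(StandardCharsets.UTF_8),
            r.sentToken().getBytes(StandardCharsets.UTF_8));
    }

    // Flawed pattern: the token is enforced only when the method is POST.
    static boolean allowFlawed(Request r) {
        if ("POST".equals(r.method())) return tokenMatches(r);
        return true; // a GET reaches the same state-changing action unchecked
    }

    // Hardened pattern: the decision follows what the action does, not the method.
    static boolean allowHardened(Request r) {
        if (!STATE_CHANGING.contains(r.action())) return true; // read-only action
        if (!"POST".equals(r.method())) return false;          // state changes are POST-only
        return tokenMatches(r);
    }

    public static void main(String[] args) {
        Request[] samples = { // constructed sample requests
            new Request("POST", "changeEmail", "t0k3n", "t0k3n"), // legitimate form post
            new Request("POST", "changeEmail", "t0k3n", null),    // POST without token
            new Request("GET",  "changeEmail", "t0k3n", null),    // same action via GET
            new Request("GET",  "viewProduct", "t0k3n", null),    // read-only page view
        };
        for (Request r : samples) {
            System.out.printf("%-4s %-12s flawed=%-5b hardened=%b%n",
                r.method(), r.action(), allowFlawed(r), allowHardened(r));
        }
    }
}
```

The two checks differ only on the third sample: the flawed check lets the GET through, while the hardened check rejects it before the action runs.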

Escalation potential

A demonstration exploit was responsibly provided to the vendor along with
the vulnerability report. It changed a victim's mail address (using the CSRF
protection bypass) to an attacker-supplied mail address, allowing the
attacker to successfully reset the victim's account password.

Timeline

2014-05-02 Vulnerability discovered
2014-05-02 Vulnerability responsibly reported to vendor
2014-05-02 Reply from vendor acknowledging report
2014-??-?? Vendor released patch as part of version 7.3.0.0
2014-09-20 Advisory published via BugTraq

References

http://www.konakart.com/downloads/ver-7-3-0-0-whats-new
http://www.christian-schneider.net/advisories/CVE-2014-5516.txt
