CVE
- Id
- 1679
- CVE No.
- CVE-2000-0101
- Status
- Candidate
- Description
- The Make-a-Store OrderPage shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
- Phase
- Proposed (20000208)
- Votes
- ACCEPT(1) Baker | MODIFY(1) Frech | NOOP(1) Christey | RECAST(1) Cole | REVIEWING(1) Wall
- Comments
- Cole> I would combine all of these shopping cart applications into one listing, | since they all have the same vulnerability being able to modify sensitive | purchase information via hidden form fields. My concern is in cases like | this we used over 10 entries for basically the same vulnerability. I could | think of cases were there could be 20+ applications with the same | vulnerability and in my opinion it could start to weaken the value of CVE | where there are 30 entries all referring to the same thing. It is almost | like we are playing the vendor game where more is better. I think we | should go after the quality over quantity aspect. | Christey> I disagree with Eric here. This vulnerability is a "type" of | problem in the same way that a buffer overflow is a "type" of | problem. While the shopping cart application bugs were | proposed mostly at the same time, they are all by different | vendors. | | The raw numbers of applications with this problem can make it | appear that CVE is artificially inflating the number of | entries. However, content decisions such as CD:SF-LOC | (different lines of code) dictate that these should be | separated. It"s not a "numbers game" but rather a principled | and consistent approach to resolving problems with | selecting a level of abstraction. | Frech> XF:shopping-cart-form-tampering
