{"vuid":"VU#791307","idnumber":"791307","name":"eBay web site allows intruders to login to gain unauthorized access to user's information","keywords":["eBay","my eBay","arbitrary user","login to any user account","view sensitive information"],"overview":"Ebay (www.ebay.com)is a popular online auction site. A vulnerability in the ebay web site prior to April 24, 2002, could have allowed an intruder to gain access to a victim's personal data.","clean_desc":"Prior to April 24, 2002, an intruder may have been able to gain access to certain personal data of ebay users, including transaction history and shipping addresses, but not including credit card data. By submitting a certain type of invalid login request to the ebay web site, an intruder could log in as a legitimate user to the \"My Ebay\" portion of the web site. There is no evidence that anyone used this vulnerability to gain unauthorized access to data.","impact":"Personal information of ebay users may have been exposed to third parties.","resolution":"No action is required on the part of ebay users. Ebay corrected the flaw on April 24, 2002.","workarounds":"","sysaffected":"","thanks":"Our thanks to \nBrent Barnett IT Consultant\n for reporting this vulnerability and technical assistance.","author":"This document was written by Shawn Hernan.","public":["h","t","t","p",":","/","/","w","w","w",".","e","b","a","y",".","c","o","m"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2002-04-24T13:27:10Z","publicdate":"2002-07-11T00:00:00Z","datefirstpublished":"2002-07-11T19:36:32Z","dateupdated":"2010-10-07T13:09:08Z","revision":13,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"10","cam_exploitation":"1","cam_internetinfrastructure":"1","cam_population":"5","cam_impact":"2","cam_easeofexploitation":"20","cam_attackeraccessrequired":"20","cam_scorecurrent":"0.9","cam_scorecurrentwidelyknown":"1.65","cam_scorecurrentwidelyknownexploited":"3.075","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.9,"vulnote":null}