Описание
The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.0 (включая)
Одновременно
cpe:2.3:a:ebay:paypal:*:*:*:*:*:*:*:*
Одно из
cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*
EPSS
Процентиль: 25%
0.00085
Низкий
2.9 Low
CVSS2
Дефекты
CWE-287
Связанные уязвимости
github
больше 3 лет назад
The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate.
EPSS
Процентиль: 25%
0.00085
Низкий
2.9 Low
CVSS2
Дефекты
CWE-287