exploitDog

CVE-2012-5808

Опубликовано: 04 нояб. 2012

Источник: nvd

CVSS2: 5.8

EPSS Низкий

Описание

The LinkPoint module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Ссылки

http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
Exploit
http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
Exploit

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:firstdata:linkpoint:-:*:*:*:*:*:*:*

cpe:2.3:a:zen-cart:zen_cart:-:*:*:*:*:*:*:*

EPSS

Процентиль: 33%

0.00134

Низкий

5.8 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-mj65-ww75-7rcv

github

больше 3 лет назад

The LinkPoint module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

EPSS

Процентиль: 33%

0.00134

Низкий

5.8 Medium

CVSS2

Дефекты

CWE-20