PT-2012-2216 · Civicrm · Civicrm
Publicado
2012-11-06
·
Atualizado
2012-11-06
·
CVE-2011-5239
CVSS v2.0
5.8
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
CiviCRM versions 4.0.5 and 4.1.1
Description
The issue arises from the failure to verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate. This allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Recommendations
For version 4.0.5, update to a version that includes the fix for this issue.
For version 4.1.1, update to a version that includes the fix for this issue.
Correção
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Civicrm