CVE-2012-5788

Name of the Vulnerable Software and Affected Versions PayPal IPN utility (affected versions not specified)

Description The issue concerns a lack of verification in the PayPal IPN utility that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate. This allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. The problem is related to the use of the PHP fsockopen function.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.