CVE-2012-5823

Name of the Vulnerable Software and Affected Versions Open Source Classifieds (affected versions not specified)

Description The issue is related to the verification of server hostname against the domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate. This lack of verification allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary valid certificate. The problem is associated with the use of the PHP fsockopen function.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.