CVE-2012-5790

Name of the Vulnerable Software and Affected Versions PayPal Payments Standard PHP Library version 20120427

Description The issue arises from the library's failure to verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate. This allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, due to a misinterpretation of a certain TRUE value.

Recommendations For PayPal Payments Standard PHP Library version 20120427, update the library to properly verify the server hostname against the X.509 certificate to prevent man-in-the-middle attacks.