PT-2012-6105 · Oscommerce · Oscommerce
Published
2012-11-04
·
Updated
2017-08-29
·
CVE-2012-5793
CVSS v2.0
5.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
osCommerce (affected versions not specified)
Description
The issue concerns the Authorize.Net module in osCommerce, which fails to verify the server hostname against the domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate. This allows man-in-the-middle attackers to spoof SSL servers using any valid certificate.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Oscommerce