CVE-2012-5815

Name of the Vulnerable Software and Affected Versions Rackspace app version 2.1.5

Description The issue allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate because the app does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate.

Recommendations For Rackspace app version 2.1.5, consider updating to a newer version that includes a fix for this issue, as the current version does not properly verify SSL certificates, allowing for potential man-in-the-middle attacks.