PT-2012-6129 · Codehaus · Xfire
Published
2012-11-04
·
Updated
2024-02-14
·
CVE-2012-5817
CVSS v3.1
7.4
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Codehaus XFire versions 1.2.6 and earlier
Description
XFire does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate. A man-in-the-middle attacker can therefore spoof an SSL server using an arbitrary valid certificate issued for any other name.
Recommendations
For Codehaus XFire versions 1.2.6 and earlier, implement certificate validation that checks the server hostname against a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, as a temporary workaround until a patch is available.
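The following is an added illustration, not XFire's own code: it shows the accept-any-name verifier pattern that produces the behaviour described above, next to two standard JSSE ways of enforcing hostname verification (SAN dNSName entries first, subject CN as fallback) that an application using a Java SOAP client can apply; the class and method names are assumptions for the example.

```java
import java.io.IOException;
import java.net.URL;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class StrictHostnameCheck {

    // The class of defect CVE-2012-5817 describes: a verifier that never compares
    // the requested host with the certificate's SAN / CN. Any valid certificate
    // for any name passes, so a man-in-the-middle holding a legitimately issued
    // certificate for a different domain is not detected. Shown for contrast only.
    static final HostnameVerifier ACCEPT_ANY_NAME = (host, session) -> true;

    // Hardened form for raw SSLSocket use: ask JSSE to apply HTTPS (RFC 2818)
    // endpoint identification during the handshake. JSSE then matches the host
    // against subjectAltName dNSName entries and falls back to the subject CN
    // only when no SAN is present; a mismatch aborts the handshake.
    static SSLSocket openVerifiedSocket(String host, int port) throws IOException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        SSLParameters params = socket.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        socket.setSSLParameters(params);
        socket.startHandshake(); // throws SSLHandshakeException on a name mismatch
        return socket;
    }

    // Hardened form for HttpsURLConnection: keep (or restore) the JDK's default
    // verifier rather than installing an accept-all one like ACCEPT_ANY_NAME.
    static HttpsURLConnection openVerifiedConnection(URL url) throws IOException {
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setHostnameVerifier(HttpsURLConnection.getDefaultHostnameVerifier());
        return conn;
    }

    public static void main(String[] args) throws IOException {
        // Host is an assumption for the demo; pass your own endpoint as args[0].
        String host = args.length > 0 ? args[0] : "example.com";
        try (SSLSocket s = openVerifiedSocket(host, 443)) {
            System.out.println("Handshake OK, verified peer: "
                + s.getSession().getPeerPrincipal().getName());
        }
    }
}
```

Running the demo against a server whose certificate does not carry the requested name in its SAN or CN fails at startHandshake(), which is the check the affected XFire versions lack.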
Exploit
Fix
RCE
Improper Certificate Validation
Related Identifiers
Affected Products
Xfire