CVE-2012-5822

Name of the Vulnerable Software and Affected Versions Zamboni (affected versions not specified)

Description The issue is related to the contribution feature in Zamboni, which fails to verify the server hostname against the domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate. This allows man-in-the-middle attackers to spoof SSL servers using any valid certificate. The problem is associated with the use of the Python urllib2 library.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.