CVE-2012-5823 - CERT CVE
ID CVE-2012-5823
Sažetak Open Source Classifieds does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function.
Reference
CVSS
Base: 5.8
Impact: 4.9
Exploitability:8.6
Pristup
VektorSloženostAutentikacija
NETWORK MEDIUM NONE
Impact
PovjerljivostCjelovitostDostupnost
PARTIAL PARTIAL NONE
CVSS vektor AV:N/AC:M/Au:N/C:P/I:P/A:N
Zadnje važnije ažuriranje 05-11-2012 - 05:00
Objavljeno 04-11-2012 - 22:55