CVE-2012-5583 in phpCASinfo

Summary

phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

10/24/2012

Disclosure

06/06/2014

Moderation

VulDB entry created

Entries

VDB-69962 (1)

CPE

ready

CWE

CWE-310 (Confirmed)

CVSS

6.5

EPSS

0.00152

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2012-5583
NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-5583
CVE Details	https://www.cvedetails.com/cve/CVE-2012-5583/

◂ Previous Overview Next ▸

Want to know what is going to be exploited?

We predict KEV entries!