CVE-2012-5799 in CanadaPost

Summary

The Canada Post (aka CanadaPost) module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function.

Reservation

11/04/2012

Disclosure

11/04/2012

Entries

1: VDB-62846

CPE

ready

CVSS

6.5

EPSS

0.00134

Activities

Very Low
