CVE-2012-6087 in Moodle PHP
Summary (English)
repository/s3/S3.php in the Amazon S3 library in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to an incorrect CURLOPT_SSL_VERIFYHOST value.
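libcurl matches the certificate name against the requested hostname only when `CURLOPT_SSL_VERIFYHOST` is `2`, and PHP casts `true` to `1`, so both `1` and `true` are values to look for when reviewing code for this class of bug. The following audit script is an added example, not code from Moodle or VulDB; the `audit` function, the `SAFE` table and the PHP sample are constructed for illustration and are not taken from S3.php.

```python
import re

# Finds curl_setopt($handle, CURLOPT_SSL_VERIFYHOST|VERIFYPEER, <value>);
# and captures the option name and the raw value expression.
CALL = re.compile(
    r"curl_setopt\s*\(\s*[^,]+,\s*(CURLOPT_SSL_VERIFY(?:HOST|PEER))"
    r"\s*,\s*(.+?)\s*\)\s*;",
    re.S,
)

# Literal values that keep verification on. Anything else, including a
# non-literal expression, is reported so a reviewer can look at it.
SAFE = {
    "CURLOPT_SSL_VERIFYHOST": {"2"},          # 2 = match CN/subjectAltName
    "CURLOPT_SSL_VERIFYPEER": {"1", "true"},  # chain validation enabled
}

def audit(php_source):
    """Return (line, option, value) for each setting that is not known-safe."""
    findings = []
    for m in CALL.finditer(php_source):
        option, value = m.group(1), m.group(2).strip()
        if value.lower() in SAFE[option]:
            continue
        line = php_source.count("\n", 0, m.start()) + 1
        findings.append((line, option, value))
    return findings

# Constructed sample input (not Moodle's code).
SAMPLE = '''<?php
$curl = curl_init();
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 1);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 1);
$ok = curl_init();
curl_setopt($ok, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ok, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($x, CURLOPT_SSL_VERIFYHOST, $validate ? 1 : 0);
curl_setopt($x, CURLOPT_SSL_VERIFYHOST, true);
'''

if __name__ == "__main__":
    for line, option, value in audit(SAMPLE):
        print(f"line {line}: {option} = {value}")
```

Calls that never set these options are not reported, because libcurl's defaults already verify both the peer certificate and the hostname.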
Reserved
2012. 12. 06.
Published
2013. 09. 16.
Entries
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerability | CWE | Exploit | Countermeasure | CVE |
|---|---|---|---|---|---|
| 7435 | Moodle PHP Library S3.php privilege escalation | 20 | Proof-of-Concept | Official Fix | CVE-2012-6087 |