Lucene search

K
cve[email protected]CVE-2012-5801
HistoryOct 03, 2022 - 4:15 p.m.

CVE-2012-5801

2022-10-0316:15:31
CWE-20
web.nvd.nist.gov
24
prestashop
paypal
ssl
server
spoofing
certificate
vulnerability
fsockopen
nvd

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.5%

The PayPal module in PrestaShop does not verify that the server hostname matches a domain name in the subject’s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function.

Affected configurations

NVD
Node
prestashopebayMatch-
OR
prestashopprestashopMatch-

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.5%

Related for CVE-2012-5801