Lucene search

[email protected]CVE-2012-5807

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2012-5807

2022-10-0316:15:30

CWE-20

[email protected]

web.nvd.nist.gov

zen cart

echeck

man-in-the-middle

security vulnerability

cve-2012-5807

6.7 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

44.3%

JSON

The Authorize.Net eCheck module in Zen Cart does not verify that the server hostname matches a domain name in the subject’s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Affected configurations

NVD

Node

lincolnloopauthorize.net_echeck_moduleMatch-

zen-cartzen_cartMatch-

CPENameOperatorVersion
lincolnloop:authorize.net_echeck_modulelincolnloop authorize.net echeck moduleeq-
zen-cart:zen_cartzen-cart zen carteq-

CPE	Name	Operator	Version
lincolnloop:authorize.net_echeck_module	lincolnloop authorize.net echeck module	eq	-
zen-cart:zen_cart	zen-cart zen cart	eq	-

References

www.cs.utexas.edu/~shmat/shmat_ccs12.pdf

6.7 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

44.3%

JSON

Related for CVE-2012-5807

nvd1 cvelist1 prion1