CVE-2012-5801

2012-11-0422:00:00

mitre

www.cve.org

prestashop

paypal

ssl

vulnerability

fsockopen

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

40.1%

JSON

The PayPal module in PrestaShop does not verify that the server hostname matches a domain name in the subject’s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function.

References

www.cs.utexas.edu/~shmat/shmat_ccs12.pdf