Lucene search

[email protected]NVD:CVE-2012-5662

HistoryMay 27, 2014 - 2:55 p.m.

CVE-2012-5662

2014-05-2714:55:02

CWE-310

[email protected]

web.nvd.nist.gov

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

41.7%

JSON

x3270 before 3.3.12ga12 does not verify that the server hostname matches a domain name in the subject’s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Affected configurations

Nvd

Node

paul_mattesx3270Range≤3.3.12ga11

paul_mattesx3270Match3.3.5

paul_mattesx3270Match3.3.6

paul_mattesx3270Match3.3.7

paul_mattesx3270Match3.3.8-

paul_mattesx3270Match3.3.8p1

paul_mattesx3270Match3.3.8p2

paul_mattesx3270Match3.3.8p3

paul_mattesx3270Match3.3.9ga11

paul_mattesx3270Match3.3.9ga12

paul_mattesx3270Match3.3.10ga3

paul_mattesx3270Match3.3.10ga4

paul_mattesx3270Match3.3.10ga5

paul_mattesx3270Match3.3.11beta2

paul_mattesx3270Match3.3.11beta4

paul_mattesx3270Match3.3.11ga6

paul_mattesx3270Match3.3.12beta6

paul_mattesx3270Match3.3.12ga10

paul_mattesx3270Match3.3.12ga7

VendorProductVersionCPE
paul_mattesx3270*cpe:2.3:a:paul_mattes:x3270:*:ga11:*:*:*:*:*:*
paul_mattesx32703.3.5cpe:2.3:a:paul_mattes:x3270:3.3.5:*:*:*:*:*:*:*
paul_mattesx32703.3.6cpe:2.3:a:paul_mattes:x3270:3.3.6:*:*:*:*:*:*:*
paul_mattesx32703.3.7cpe:2.3:a:paul_mattes:x3270:3.3.7:*:*:*:*:*:*:*
paul_mattesx32703.3.8cpe:2.3:a:paul_mattes:x3270:3.3.8:-:*:*:*:*:*:*
paul_mattesx32703.3.8cpe:2.3:a:paul_mattes:x3270:3.3.8:p1:*:*:*:*:*:*
paul_mattesx32703.3.8cpe:2.3:a:paul_mattes:x3270:3.3.8:p2:*:*:*:*:*:*
paul_mattesx32703.3.8cpe:2.3:a:paul_mattes:x3270:3.3.8:p3:*:*:*:*:*:*
paul_mattesx32703.3.9cpe:2.3:a:paul_mattes:x3270:3.3.9:ga11:*:*:*:*:*:*
paul_mattesx32703.3.9cpe:2.3:a:paul_mattes:x3270:3.3.9:ga12:*:*:*:*:*:*

Vendor	Product	Version	CPE
paul_mattes	x3270	*	cpe:2.3:a:paul_mattes:x3270::ga11::::::*
paul_mattes	x3270	3.3.5	cpe:2.3:a:paul_mattes:x3270:3.3.5:::::::*
paul_mattes	x3270	3.3.6	cpe:2.3:a:paul_mattes:x3270:3.3.6:::::::*
paul_mattes	x3270	3.3.7	cpe:2.3:a:paul_mattes:x3270:3.3.7:::::::*
paul_mattes	x3270	3.3.8	cpe:2.3:a:paul_mattes:x3270:3.3.8:-::::::
paul_mattes	x3270	3.3.8	cpe:2.3:a:paul_mattes:x3270:3.3.8:p1::::::
paul_mattes	x3270	3.3.8	cpe:2.3:a:paul_mattes:x3270:3.3.8:p2::::::
paul_mattes	x3270	3.3.8	cpe:2.3:a:paul_mattes:x3270:3.3.8:p3::::::
paul_mattes	x3270	3.3.9	cpe:2.3:a:paul_mattes:x3270:3.3.9:ga11::::::
paul_mattes	x3270	3.3.9	cpe:2.3:a:paul_mattes:x3270:3.3.9:ga12::::::