Lucene search

[email protected]NVD:CVE-2012-5781

HistoryNov 04, 2012 - 10:55 p.m.

CVE-2012-5781

2012-11-0422:55:03

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

40.1%

JSON

Amazon Elastic Load Balancing API Tools does not verify that the server hostname matches a domain name in the subject’s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to overriding the default JDK X509TrustManager.

Affected configurations

Nvd

Node

amazonelastic_load_balancingMatch-

amazonelastic_load_balancingMatch1.0

amazonelastic_load_balancingMatch1.01

amazonelastic_load_balancingMatch1.0.3.4

amazonelastic_load_balancingMatch1.0.9.3

amazonelastic_load_balancingMatch1.0.10.0

amazonelastic_load_balancingMatch1.0.11.1

amazonelastic_load_balancingMatch1.0.12.0

amazonelastic_load_balancingMatch1.0.14.3

amazonelastic_load_balancingMatch1.0.15.1

amazonelastic_load_balancingMatch1.0.17.0

VendorProductVersionCPE
amazonelastic_load_balancing-cpe:2.3:a:amazon:elastic_load_balancing:-:*:*:*:*:*:*:*
amazonelastic_load_balancing1.0cpe:2.3:a:amazon:elastic_load_balancing:1.0:*:*:*:*:*:*:*
amazonelastic_load_balancing1.0cpe:2.3:a:amazon:elastic_load_balancing:1.0:1:*:*:*:*:*:*
amazonelastic_load_balancing1.0.3.4cpe:2.3:a:amazon:elastic_load_balancing:1.0.3.4:*:*:*:*:*:*:*
amazonelastic_load_balancing1.0.9.3cpe:2.3:a:amazon:elastic_load_balancing:1.0.9.3:*:*:*:*:*:*:*
amazonelastic_load_balancing1.0.10.0cpe:2.3:a:amazon:elastic_load_balancing:1.0.10.0:*:*:*:*:*:*:*
amazonelastic_load_balancing1.0.11.1cpe:2.3:a:amazon:elastic_load_balancing:1.0.11.1:*:*:*:*:*:*:*
amazonelastic_load_balancing1.0.12.0cpe:2.3:a:amazon:elastic_load_balancing:1.0.12.0:*:*:*:*:*:*:*
amazonelastic_load_balancing1.0.14.3cpe:2.3:a:amazon:elastic_load_balancing:1.0.14.3:*:*:*:*:*:*:*
amazonelastic_load_balancing1.0.15.1cpe:2.3:a:amazon:elastic_load_balancing:1.0.15.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
amazon	elastic_load_balancing	-	cpe:2.3:a:amazon:elastic_load_balancing:-:::::::*
amazon	elastic_load_balancing	1.0	cpe:2.3:a:amazon:elastic_load_balancing:1.0:::::::*
amazon	elastic_load_balancing	1.0	cpe:2.3:a:amazon:elastic_load_balancing:1.0:1::::::
amazon	elastic_load_balancing	1.0.3.4	cpe:2.3:a:amazon:elastic_load_balancing:1.0.3.4:::::::*
amazon	elastic_load_balancing	1.0.9.3	cpe:2.3:a:amazon:elastic_load_balancing:1.0.9.3:::::::*
amazon	elastic_load_balancing	1.0.10.0	cpe:2.3:a:amazon:elastic_load_balancing:1.0.10.0:::::::*
amazon	elastic_load_balancing	1.0.11.1	cpe:2.3:a:amazon:elastic_load_balancing:1.0.11.1:::::::*
amazon	elastic_load_balancing	1.0.12.0	cpe:2.3:a:amazon:elastic_load_balancing:1.0.12.0:::::::*
amazon	elastic_load_balancing	1.0.14.3	cpe:2.3:a:amazon:elastic_load_balancing:1.0.14.3:::::::*
amazon	elastic_load_balancing	1.0.15.1	cpe:2.3:a:amazon:elastic_load_balancing:1.0.15.1:::::::*

Rows per page:

1-10 of 111

References

www.cs.utexas.edu/~shmat/shmat_ccs12.pdf

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

40.1%

JSON

Related for NVD:CVE-2012-5781

cvelist1 cve1 prion1