Design/Logic Flaw

2012-11-0422:55:00

PRIOn knowledge base

www.prio-n.com

7.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

44.6%

JSON

Open Source Classifieds does not verify that the server hostname matches a domain name in the subject’s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function.

References

www.cs.utexas.edu/~shmat/shmat_ccs12.pdf