2 matches found
CVE-2012-5805
The PayPal IPN functionality in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, a different...
CVE-2012-5805
The CVE-2012-5805/5806 family concerns Zen Cart PayPal integration (IPN for CVE-2012-5805; Payments Pro for CVE-2012-5806). Both describe a failure to verify that the server hostname matches a domain in the certificate’s Common Name or subjectAltName, enabling MITM spoofing with any valid certificate. Underl...