2 matches found
CVE-2012-5806
The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to...
CVE-2012-5806
The vulnerability CVE-2012-5806 affects the Zen Cart PayPal Payments Pro module. The issue is that the module does not verify that the server hostname matches a domain in the certificate’s CN or subjectAltName, enabling MITM-style spoofing with arbitrary valid certificates. The root cause is tied...