2 matches found
com.amazon.aes.webservices.client:ec2-java-client (=20080327), com.github.liuzhenghui:weaver-ecology-parent (>=9.00.2110.07.220316 <=9.00.2112.03.220528) +60 more potentially affected by CVE-2012-5817 via org.codehaus.xfire:xfire-core (>=1.0 <=1.2.6)
org.codehaus.xfire:xfire-core MAVEN version =1.0, =9.00.2110.07.220316, =0.0.9, =0.0.3, =0.0.3, =0.0.3, =0.0.3, =0.0.3, =0.0.3, =0.3.0 - com.github.rapidark:rapidark =0.0.3 and more Source cves: CVE-2012-5817 Source advisory: OSV:GHSA-5JC8-8XHV-G8QM...
CVE-2012-5817
Codehaus XFire 1.2.6 and earlier, as used in the Amazon EC2 API Tools Java library and other products, fails to verify that the server hostname matches the CN/subjectAltName in the X.509 certificate, enabling MITM spoofing with an arbitrary valid certificate. Impact is described as spoofing SSL s...