5 matches found
CVE-2012-5792
The Sage Pay Direct module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
Design/Logic Flaw
The Sage Pay Direct module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2012-5792
The CVE-2012-5792 entry affects the Sage Pay Direct module in osCommerce. The vulnerability arises because the module does not verify that the server hostname matches a domain name in the certificate’s CN or subjectAltName, enabling MITM attackers to spoof SSL servers using an arbitrary valid cer...
CVE-2012-5792
The Sage Pay Direct module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
SA-CONTRIB-2010-077 - Sage Pay (former Protx) Direct Payment Gateway for Ubercart - Information Disclosure
The Sage Pay Direct Payment Gateway for Ubercart ucprotxvspdirect processes credit card transactions in Ubercart stores using the Sage Pay Direct service. The module may show remote 3-D Secure pages to the user in an iframe when their bank supports the Verified by Visa or MasterCard SecureCode...