CVE-2012-5817

Codehaus XFire 1.2.6 and earlier, as used in the Amazon EC2 API Tools Java library and other products, fails to verify that the server hostname matches the CN/subjectAltName in the X.509 certificate, enabling MITM spoofing with an arbitrary valid certificate. Impact is described as spoofing SSL s...