Page 24 of 116 results (0.003 seconds)
CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0
CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2011-5240
https://notcve.org/view.php?id=CVE-2011-5240
Magento 1.5 and 1.6.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. Magento v1.5 y v1.6.2 no comprueba si el nombre del servidor coincide con un nombre de dominio en el Common Name (CN) del asunto o el campo subjectAltName del certificado X.509, lo que permite a atacantes man-in-the-middle falsificar servidores SSL a través de un certificado válido arbitrario. • http://www.unrest.ca/peerjacking • CWE-20: Improper Input Validation •