1 results (0.010 seconds)
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 1
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 1CVE-2012-5807
https://notcve.org/view.php?id=CVE-2012-5807
04 Nov 2012 — The Authorize.Net eCheck module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. El módulo Authorize.Net eCheck en Zen Cart no comprueba si el nombre del servidor coincide con un nombre de dominio en el Common Name (CN) del asunto o el campo subjectAltName del certificado X.509, lo que permite a atacant... • http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf • CWE-20: Improper Input Validation •