1 results (0.003 seconds)

CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 1

PayPal Payments Standard PHP Library 20120427 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to misinterpretation of a certain TRUE value. La librería PHP PayPal Payments Standard 20120427 no comprueba si el nombre del servidor coincide con un nombre de dominio en el Common Name (CN) del asunto o el campo subjectAltName del certificado X.509, lo que permite a atacantes man-in-the-middle falsificar servidores SSL a través de un certificado válido arbitrario, relacionado con la mala interpretación de un determinado valor TRUE. • http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/79981 • CWE-20: Improper Input Validation •