CVE-2010-4211
Severity Score
2.9
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate.
La aplicación de PayPal anterior a v3.0.1 de IOS no comprueba que el nombre del servidor coincide con el nombre de dominio del sujeto de un certificado X.509, que permite a los atacantes "man-in-the-middle" falsificar un servidor web de PayPal a través de un certificado de su elección.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2010-11-08 CVE Reserved
- 2010-11-08 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://itunes.apple.com/us/app/paypal/id283646709 | X_refsource_misc | |
| http://news.cnet.com/8301-27080_3-20021730-245.html | X_refsource_misc | |
| http://online.wsj.com/article/SB10001424052748703506904575592782874885808.html | X_refsource_misc | |
| http://viaforensics.com/press-releases/viaforensics-uncovers-paypal-application-vulnerability.html | X_refsource_misc | |
| http://viaforensics.com/security/viaforensics-uncovers-significant-vulnerability-paypal-iphone.html | X_refsource_misc | |
| http://www.securityfocus.com/bid/44657 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/63002 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.vupen.com/english/advisories/2010/2887 | 2017-08-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ebay Search vendor "Ebay" | Paypal Search vendor "Ebay" for product "Paypal" | <= 3.0 Search vendor "Ebay" for product "Paypal" and version " <= 3.0" | - |
Affected
| in | Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 3.1 Search vendor "Apple" for product "Iphone Os" and version "3.1" | - |
Safe
|
| Ebay Search vendor "Ebay" | Paypal Search vendor "Ebay" for product "Paypal" | <= 3.0 Search vendor "Ebay" for product "Paypal" and version " <= 3.0" | - |
Affected
| in | Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 3.1.2 Search vendor "Apple" for product "Iphone Os" and version "3.1.2" | - |
Safe
|
| Ebay Search vendor "Ebay" | Paypal Search vendor "Ebay" for product "Paypal" | <= 3.0 Search vendor "Ebay" for product "Paypal" and version " <= 3.0" | - |
Affected
| in | Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 3.1.3 Search vendor "Apple" for product "Iphone Os" and version "3.1.3" | - |
Safe
|