// For flags

CVE-2012-5583

 

Severity Score

5.8
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

phpCAS anterior a 1.3.2 no verifica que el nombre del servidor coincide con un nombre de dominio en el campo del asunto Common Name (CN) o subjectAltName del certificado X.509, lo que permite a atacantes man-in-the-middle falsificar servidores SSL a través de un certificado válido arbitrario.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2012-10-24 CVE Reserved
  • 2014-06-06 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-310: Cryptographic Issues
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Apereo
Search vendor "Apereo"
 Phpcas
Search vendor "Apereo" for product "Phpcas"
 <= 1.3.1
Search vendor "Apereo" for product "Phpcas" and version " <= 1.3.1"
-
Affected
Apereo
Search vendor "Apereo"
 Phpcas
Search vendor "Apereo" for product "Phpcas"
 1.3.0
Search vendor "Apereo" for product "Phpcas" and version "1.3.0"
-
Affected
Apereo
Search vendor "Apereo"
 Phpcas
Search vendor "Apereo" for product "Phpcas"
 1.3.0
Search vendor "Apereo" for product "Phpcas" and version "1.3.0"
rc1
Affected