QwikSec

Security Database

CVE

CWE

Training

CVE-2012-5787

Published: Nov 4, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

The PayPal merchant SDK does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

paypal-sdk-spoofing(79913)

vdb-entry

x_refsource_XF

http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

https://github.com/paypal/SDKs/commit/5f2d6dd77fb4211dcde34e36f1864234526c5d64

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.