CVE-2011-5242
Published Nov 6, 2012
Last updated 12 years ago
Overview
- Description
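- tmhOAuth before 0.61 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. In other words, a certificate that chains to a trusted CA is accepted even when it was issued for a different hostname, so the connection is encrypted but the identity of the server is not established. The affected range ends at 0.60 (see Configurations). Deployments should run 0.61 or later and confirm that hostname verification is enabled alongside certificate-chain verification.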
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5.8
- Impact score
- 4.9
- Exploitability score
- 8.6
- Vector string
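- AV:N/AC:M/Au:N/C:P/I:P/A:N (network attack vector, medium access complexity, no authentication required; partial confidentiality and integrity impact, no availability impact)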
Weaknesses
- nvd@nist.gov
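- CWE-20 (Improper Input Validation). This is NVD's assignment; the flaw described above is more specifically a certificate hostname-mismatch validation failure, the class covered by CWE-297 (Improper Validation of Certificate with Host Mismatch).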
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:themattharris:tmhoauth:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C9F71FE-21C7-455A-9E50-F409D006796C", "versionEndIncluding": "0.60" }, { "criteria": "cpe:2.3:a:themattharris:tmhoauth:0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "918BBA2E-387C-44B5-9EE0-BE2CDD80DEA4" }, { "criteria": "cpe:2.3:a:themattharris:tmhoauth:0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5B41857-603D-4576-8DBF-ABD80F25AD5A" }, { "criteria": "cpe:2.3:a:themattharris:tmhoauth:0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "844656F0-977F-4CD3-9301-94871739E816" }, { "criteria": "cpe:2.3:a:themattharris:tmhoauth:0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E6F2AD5-1997-4571-BE7B-D5BA65F19BD3" }, { "criteria": "cpe:2.3:a:themattharris:tmhoauth:0.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E5509AD-6BED-4715-A885-F890E157846A" }, { "criteria": "cpe:2.3:a:themattharris:tmhoauth:0.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CF50D58-54BC-4E9A-8E13-5BC3E0D5B5DB" }, { "criteria": "cpe:2.3:a:themattharris:tmhoauth:0.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "135FBF3A-8D0F-4E9A-B83B-AB4A49AFF78B" }, { "criteria": "cpe:2.3:a:themattharris:tmhoauth:0.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "267D0805-FC82-4F24-8A8D-92316429E3B1" }, { "criteria": "cpe:2.3:a:themattharris:tmhoauth:0.51:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA435BF9-C1CD-4ED0-BBB3-752D6826E663" }, { "criteria": "cpe:2.3:a:themattharris:tmhoauth:0.52:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5AAD8764-56DC-4353-B0F8-9DBC71537A5D" }, { "criteria": "cpe:2.3:a:themattharris:tmhoauth:0.53:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6A1E9E0-A55F-4A2B-A27B-0A34C0F7BF46" }, { "criteria": "cpe:2.3:a:themattharris:tmhoauth:0.54:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": 
"22CCA132-2C15-467C-A772-F2A2B14B9FEB" }, { "criteria": "cpe:2.3:a:themattharris:tmhoauth:0.55:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6CB2491-D5D2-45E1-90F8-C1189E23E090" }, { "criteria": "cpe:2.3:a:themattharris:tmhoauth:0.56:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A787A897-8386-45EC-A1D1-1FC8FE597ABC" }, { "criteria": "cpe:2.3:a:themattharris:tmhoauth:0.57:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3F5DC07-AC9F-41F0-B166-95B31983B106" }, { "criteria": "cpe:2.3:a:themattharris:tmhoauth:0.58:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDDDA7CC-3C5E-4BF8-9C25-73E90DF60120" } ], "operator": "OR" } ] } ]