CVE-2011-5242

Published Nov 6, 2012

Last updated 3 months ago

CVSS info 5.8

Overview

Description: tmhOAuth before 0.61 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 5.8
Impact score: 4.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:themattharris:tmhoauth:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C9F71FE-21C7-455A-9E50-F409D006796C",
            "versionEndIncluding": "0.60"
          },
          {
            "criteria": "cpe:2.3:a:themattharris:tmhoauth:0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "918BBA2E-387C-44B5-9EE0-BE2CDD80DEA4"
          },
          {
            "criteria": "cpe:2.3:a:themattharris:tmhoauth:0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5B41857-603D-4576-8DBF-ABD80F25AD5A"
          },
          {
            "criteria": "cpe:2.3:a:themattharris:tmhoauth:0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "844656F0-977F-4CD3-9301-94871739E816"
          },
          {
            "criteria": "cpe:2.3:a:themattharris:tmhoauth:0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E6F2AD5-1997-4571-BE7B-D5BA65F19BD3"
          },
          {
            "criteria": "cpe:2.3:a:themattharris:tmhoauth:0.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E5509AD-6BED-4715-A885-F890E157846A"
          },
          {
            "criteria": "cpe:2.3:a:themattharris:tmhoauth:0.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9CF50D58-54BC-4E9A-8E13-5BC3E0D5B5DB"
          },
          {
            "criteria": "cpe:2.3:a:themattharris:tmhoauth:0.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "135FBF3A-8D0F-4E9A-B83B-AB4A49AFF78B"
          },
          {
            "criteria": "cpe:2.3:a:themattharris:tmhoauth:0.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "267D0805-FC82-4F24-8A8D-92316429E3B1"
          },
          {
            "criteria": "cpe:2.3:a:themattharris:tmhoauth:0.51:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA435BF9-C1CD-4ED0-BBB3-752D6826E663"
          },
          {
            "criteria": "cpe:2.3:a:themattharris:tmhoauth:0.52:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5AAD8764-56DC-4353-B0F8-9DBC71537A5D"
          },
          {
            "criteria": "cpe:2.3:a:themattharris:tmhoauth:0.53:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6A1E9E0-A55F-4A2B-A27B-0A34C0F7BF46"
          },
          {
            "criteria": "cpe:2.3:a:themattharris:tmhoauth:0.54:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22CCA132-2C15-467C-A772-F2A2B14B9FEB"
          },
          {
            "criteria": "cpe:2.3:a:themattharris:tmhoauth:0.55:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6CB2491-D5D2-45E1-90F8-C1189E23E090"
          },
          {
            "criteria": "cpe:2.3:a:themattharris:tmhoauth:0.56:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A787A897-8386-45EC-A1D1-1FC8FE597ABC"
          },
          {
            "criteria": "cpe:2.3:a:themattharris:tmhoauth:0.57:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3F5DC07-AC9F-41F0-B166-95B31983B106"
          },
          {
            "criteria": "cpe:2.3:a:themattharris:tmhoauth:0.58:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FDDDA7CC-3C5E-4BF8-9C25-73E90DF60120"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References