CVE-2012-5662

Published May 27, 2014

Last updated 7 years ago

CVSS info 5.8

Overview

Description: x3270 before 3.3.12ga12 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 5.8
Impact score: 4.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-310

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:paul_mattes:x3270:*:ga11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CECF32AA-A561-4FD2-B330-06DE255FC042",
            "versionEndIncluding": "3.3.12"
          },
          {
            "criteria": "cpe:2.3:a:paul_mattes:x3270:3.3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "129A74C4-D82E-4CD2-B42B-BB4DFE7C8150"
          },
          {
            "criteria": "cpe:2.3:a:paul_mattes:x3270:3.3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62BCE393-034C-47FC-B2D1-EBAFB77EAF17"
          },
          {
            "criteria": "cpe:2.3:a:paul_mattes:x3270:3.3.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C356C9D2-083E-40A6-BBFE-0E54B31941C8"
          },
          {
            "criteria": "cpe:2.3:a:paul_mattes:x3270:3.3.8:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A9DF7203-4FFC-4591-A32C-8BB171A2D34A"
          },
          {
            "criteria": "cpe:2.3:a:paul_mattes:x3270:3.3.8:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21146FE7-7733-4D88-BB41-67D456E7C3C1"
          },
          {
            "criteria": "cpe:2.3:a:paul_mattes:x3270:3.3.8:p2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D1D7A2CB-BC92-4F87-962F-D8BAD4B770F3"
          },
          {
            "criteria": "cpe:2.3:a:paul_mattes:x3270:3.3.8:p3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E99FD662-CFD4-43BD-920B-1D225E14B547"
          },
          {
            "criteria": "cpe:2.3:a:paul_mattes:x3270:3.3.9:ga11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC2484FD-80F6-4830-9614-B0B74DB3BD41"
          },
          {
            "criteria": "cpe:2.3:a:paul_mattes:x3270:3.3.9:ga12:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F892FF89-38E7-434D-B125-C4AED094A193"
          },
          {
            "criteria": "cpe:2.3:a:paul_mattes:x3270:3.3.10:ga3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D8E2E82-66C2-465D-BD5D-33B20BE4161D"
          },
          {
            "criteria": "cpe:2.3:a:paul_mattes:x3270:3.3.10:ga4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45B5950B-6325-4E7A-AD71-215A30BA0549"
          },
          {
            "criteria": "cpe:2.3:a:paul_mattes:x3270:3.3.10:ga5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E74D267-5CCA-4D54-81C3-A44EC25F8167"
          },
          {
            "criteria": "cpe:2.3:a:paul_mattes:x3270:3.3.11:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C8B630D-FF21-4089-B962-A167C2A33C2D"
          },
          {
            "criteria": "cpe:2.3:a:paul_mattes:x3270:3.3.11:beta4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EAD52ED7-5B55-46BD-AA01-5DCC6EE801B1"
          },
          {
            "criteria": "cpe:2.3:a:paul_mattes:x3270:3.3.11:ga6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BFBE9765-B2FE-412B-ABE1-0F0AABCA24B8"
          },
          {
            "criteria": "cpe:2.3:a:paul_mattes:x3270:3.3.12:beta6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C0A6C8D-7635-4F43-A511-FBA80FA9A4C1"
          },
          {
            "criteria": "cpe:2.3:a:paul_mattes:x3270:3.3.12:ga10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63DB41F3-EBDA-40E0-84DA-3457E44565FE"
          },
          {
            "criteria": "cpe:2.3:a:paul_mattes:x3270:3.3.12:ga7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C96AE7A-A1FF-4956-BAF2-E97E6C7B36DE"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References