CVE-2012-5817
Last modified
CVE-2012-5817 is a high-severity vulnerability rated 7.4/10 on the CVSS scale. Codehaus XFire 1.2.6 and earlier, as used in the Amazon EC2 API Tools Java library and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.. EPSS estimates a 0.78% chance of exploitation in the next 30 days.
Description
Codehaus XFire 1.2.6 and earlier, as used in the Amazon EC2 API Tools Java library and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Amazon | Ec2 Api Tools Java Library | All versions |
| Codehaus | Xfire | <= 1.2.6 |
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79934Third Party Advisory, VDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79934Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2012-5817?
How severe is CVE-2012-5817?
How do I fix CVE-2012-5817?
Are you affected by CVE-2012-5817?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST