CVE-2012-5662
Severity CVSS v4.0:
Pending analysis
Type:
CWE-310
Cryptographic Issues
Publication date:
27/05/2014
Last modified:
12/04/2025
Description
x3270 before 3.3.12ga12 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Impact
Base Score 2.0
5.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:paul_mattes:x3270:*:ga11:*:*:*:*:*:* | 3.3.12 (including) | |
| cpe:2.3:a:paul_mattes:x3270:3.3.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:paul_mattes:x3270:3.3.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:paul_mattes:x3270:3.3.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:paul_mattes:x3270:3.3.8:-:*:*:*:*:*:* | ||
| cpe:2.3:a:paul_mattes:x3270:3.3.8:p1:*:*:*:*:*:* | ||
| cpe:2.3:a:paul_mattes:x3270:3.3.8:p2:*:*:*:*:*:* | ||
| cpe:2.3:a:paul_mattes:x3270:3.3.8:p3:*:*:*:*:*:* | ||
| cpe:2.3:a:paul_mattes:x3270:3.3.9:ga11:*:*:*:*:*:* | ||
| cpe:2.3:a:paul_mattes:x3270:3.3.9:ga12:*:*:*:*:*:* | ||
| cpe:2.3:a:paul_mattes:x3270:3.3.10:ga3:*:*:*:*:*:* | ||
| cpe:2.3:a:paul_mattes:x3270:3.3.10:ga4:*:*:*:*:*:* | ||
| cpe:2.3:a:paul_mattes:x3270:3.3.10:ga5:*:*:*:*:*:* | ||
| cpe:2.3:a:paul_mattes:x3270:3.3.11:beta2:*:*:*:*:*:* | ||
| cpe:2.3:a:paul_mattes:x3270:3.3.11:beta4:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://osvdb.org/91572
- http://secunia.com/advisories/52650
- http://sourceforge.net/projects/x3270/files/x3270/3.3.12ga12/
- https://bugzilla.redhat.com/show_bug.cgi?id=889373
- https://exchange.xforce.ibmcloud.com/vulnerabilities/82984
- http://osvdb.org/91572
- http://secunia.com/advisories/52650
- http://sourceforge.net/projects/x3270/files/x3270/3.3.12ga12/
- https://bugzilla.redhat.com/show_bug.cgi?id=889373
- https://exchange.xforce.ibmcloud.com/vulnerabilities/82984