CVE-2012-5662

{"id": "CVE-2012-5662", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-05-27T14:55:02.993", "references": [{"url": "http://osvdb.org/91572", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/52650", "source": "secalert@redhat.com"}, {"url": "http://sourceforge.net/projects/x3270/files/x3270/3.3.12ga12/", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=889373", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82984", "source": "secalert@redhat.com"}, {"url": "http://osvdb.org/91572", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/52650", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://sourceforge.net/projects/x3270/files/x3270/3.3.12ga12/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=889373", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82984", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "x3270 before 3.3.12ga12 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."}, {"lang": "es", "value": "x3270 anterior a 3.3.12ga12 no verifica que el nombre de servidor coincide con un nombre de dominio en el campo de nombre com\u00fan del sujeto (CN) o el campo subjectAltName del certificado X.509, lo que permite a atacantes man-in-the-middle falsificar servidores SSL a trav\u00e9s de un certificado v\u00e1lido arbitrario."}], "lastModified": "2024-11-21T01:45:04.383", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:paul_mattes:x3270:*:ga11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CECF32AA-A561-4FD2-B330-06DE255FC042", "versionEndIncluding": "3.3.12"}, {"criteria": "cpe:2.3:a:paul_mattes:x3270:3.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "129A74C4-D82E-4CD2-B42B-BB4DFE7C8150"}, {"criteria": "cpe:2.3:a:paul_mattes:x3270:3.3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62BCE393-034C-47FC-B2D1-EBAFB77EAF17"}, {"criteria": "cpe:2.3:a:paul_mattes:x3270:3.3.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C356C9D2-083E-40A6-BBFE-0E54B31941C8"}, {"criteria": "cpe:2.3:a:paul_mattes:x3270:3.3.8:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9DF7203-4FFC-4591-A32C-8BB171A2D34A"}, {"criteria": "cpe:2.3:a:paul_mattes:x3270:3.3.8:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21146FE7-7733-4D88-BB41-67D456E7C3C1"}, {"criteria": "cpe:2.3:a:paul_mattes:x3270:3.3.8:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1D7A2CB-BC92-4F87-962F-D8BAD4B770F3"}, {"criteria": "cpe:2.3:a:paul_mattes:x3270:3.3.8:p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E99FD662-CFD4-43BD-920B-1D225E14B547"}, {"criteria": "cpe:2.3:a:paul_mattes:x3270:3.3.9:ga11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC2484FD-80F6-4830-9614-B0B74DB3BD41"}, {"criteria": "cpe:2.3:a:paul_mattes:x3270:3.3.9:ga12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F892FF89-38E7-434D-B125-C4AED094A193"}, {"criteria": "cpe:2.3:a:paul_mattes:x3270:3.3.10:ga3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D8E2E82-66C2-465D-BD5D-33B20BE4161D"}, {"criteria": "cpe:2.3:a:paul_mattes:x3270:3.3.10:ga4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45B5950B-6325-4E7A-AD71-215A30BA0549"}, {"criteria": "cpe:2.3:a:paul_mattes:x3270:3.3.10:ga5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E74D267-5CCA-4D54-81C3-A44EC25F8167"}, {"criteria": "cpe:2.3:a:paul_mattes:x3270:3.3.11:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C8B630D-FF21-4089-B962-A167C2A33C2D"}, {"criteria": "cpe:2.3:a:paul_mattes:x3270:3.3.11:beta4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EAD52ED7-5B55-46BD-AA01-5DCC6EE801B1"}, {"criteria": "cpe:2.3:a:paul_mattes:x3270:3.3.11:ga6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFBE9765-B2FE-412B-ABE1-0F0AABCA24B8"}, {"criteria": "cpe:2.3:a:paul_mattes:x3270:3.3.12:beta6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C0A6C8D-7635-4F43-A511-FBA80FA9A4C1"}, {"criteria": "cpe:2.3:a:paul_mattes:x3270:3.3.12:ga10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63DB41F3-EBDA-40E0-84DA-3457E44565FE"}, {"criteria": "cpe:2.3:a:paul_mattes:x3270:3.3.12:ga7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C96AE7A-A1FF-4956-BAF2-E97E6C7B36DE"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}