Versio.io

CVE-2012-5824

Common vulnerabilities & exposures (CVE)

 
Published at: 04-11-2012 11:55
Last modified: 07-02-2022 07:59
Total changes: 2

Description

Trillian 5.1.0.19 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, a different vulnerability than CVE-2009-4831.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:P/I:P/A:N

Attack complexity: Low
Attack vector: Network
Availability: None
Confidentiality: Low
Integrity: Low
Privileges required: -
Scope: -
User interaction: -
Base score: 5.8
Exploitability score: 8.6
Impact score: 4.9
 

Verification logic

OR
vendor=cerulean_studios AND product=trillian AND version=5.1.0.19
 
