680
VMScore

CVE-2012-5583

CVSSv4: NA | CVSSv3: NA | CVSSv2: 5.8 | VMScore: 680 | EPSS: 0.00064 | KEV: Not Included
Published: 06/06/2014 Updated: 21/11/2024

Vulnerability Summary

phpCAS prior to 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary valid certificate.

Vulnerable Product Search on Vulmon Subscribe to Product

apereo phpcas

apereo phpcas 1.3.0