Vulnerability Details : CVE-2012-5662
x3270 before 3.3.12ga12 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Products affected by CVE-2012-5662
- cpe:2.3:a:paul_mattes:x3270:*:ga11:*:*:*:*:*:*
- cpe:2.3:a:paul_mattes:x3270:3.3.11:ga6:*:*:*:*:*:*
- cpe:2.3:a:paul_mattes:x3270:3.3.11:beta4:*:*:*:*:*:*
- cpe:2.3:a:paul_mattes:x3270:3.3.8:p2:*:*:*:*:*:*
- cpe:2.3:a:paul_mattes:x3270:3.3.8:p1:*:*:*:*:*:*
- cpe:2.3:a:paul_mattes:x3270:3.3.12:ga10:*:*:*:*:*:*
- cpe:2.3:a:paul_mattes:x3270:3.3.10:ga4:*:*:*:*:*:*
- cpe:2.3:a:paul_mattes:x3270:3.3.10:ga3:*:*:*:*:*:*
- cpe:2.3:a:paul_mattes:x3270:3.3.9:ga12:*:*:*:*:*:*
- cpe:2.3:a:paul_mattes:x3270:3.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:paul_mattes:x3270:3.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:paul_mattes:x3270:3.3.11:beta2:*:*:*:*:*:*
- cpe:2.3:a:paul_mattes:x3270:3.3.10:ga5:*:*:*:*:*:*
- cpe:2.3:a:paul_mattes:x3270:3.3.8:-:*:*:*:*:*:*
- cpe:2.3:a:paul_mattes:x3270:3.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:paul_mattes:x3270:3.3.12:ga7:*:*:*:*:*:*
- cpe:2.3:a:paul_mattes:x3270:3.3.12:beta6:*:*:*:*:*:*
- cpe:2.3:a:paul_mattes:x3270:3.3.9:ga11:*:*:*:*:*:*
- cpe:2.3:a:paul_mattes:x3270:3.3.8:p3:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-5662
- 0.10%: Probability of exploitation activity in the next 30 days
- ~ 41 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-5662
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N | 8.6 | 4.9 | NIST | |
CWE ids for CVE-2012-5662
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-5662
- https://exchange.xforce.ibmcloud.com/vulnerabilities/82984
  x3270 SSL spoofing CVE-2012-5662 Vulnerability Report
- https://bugzilla.redhat.com/show_bug.cgi?id=889373
  889373 – (CVE-2012-5662) CVE-2012-5662 x3270: does not properly validate SSL certificates
- http://sourceforge.net/projects/x3270/files/x3270/3.3.12ga12/
  x3270 - Browse /x3270/3.3.12ga12 at SourceForge.net