MEDIUMπŸ‡΅πŸ‡± Wersja polska

CVE-2012-5784

CVSS 5.8v2.0pub. 2012-11-04upd. 2026-04-29

Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

CVSS Vector
AV:N/AC:M/Au:N/C:P/I:P/A:N
  • Apache Activemq

    APP
    Apache
    ≀ 5.7.0
  • Apache Axis

    APP
    Apache
    1.01.11.21.2.11.3≀ 1.4
  • Paypal Mass Pay

    APP
    Paypal
    wszystkie wersje
  • Paypal Payments Pro

    APP
    Paypal
    wszystkie wersje
  • Paypal Transactional Information Soap

    APP
    Paypal
    wszystkie wersje
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-46604CRITICAL10.0⚠ KEVten sam produkt

The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a ...

CVE-2016-3088CRITICAL9.8⚠ KEVten sam produkt

The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and exec...

CVE-2023-40743CRITICAL9.8ten sam produkt

** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in an application, it may not have been obvio...

CVE-2020-11998CRITICAL9.8ten sam produkt

A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to ...

CVE-2013-7285CRITICAL9.8ten sam produkt

Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may a...

CVE-2012-5784 β€” Apache β€” Activemq β€” MEDIUM β€” CVSS 5.8 | CVEbaza.pl