CVE-2012-5583

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2012-5583

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2012-5583.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2012-5583

Downstream

DEBIAN-CVE-2012-5583

Published

2014-06-06T14:55:03Z

Modified

2026-04-10T03:42:32.414538Z

Summary

[none]

Details

phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

References

http://secunia.com/advisories/51818
https://exchange.xforce.ibmcloud.com/vulnerabilities/81208
https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog

CVE-2012-5583

Affected packages