1. Home
  2. Vulnerabilities
  3. CVE-2012-5784

CVE-2012-5784

CVSS v2.0 5.8 (Medium)
58% Progress
EPSS 0.12 % (47th)
0.12% Progress
Affected Products 5
Advisories 11
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Weaknesses
CWE-20
Improper Input Validation
Related CVEs
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2012-11-04 22:55:03
(12 years ago)
Updated Date
2023-11-07 02:12:41
(10 months ago)

Affected Products

Apache

Paypal

Configuration #1

    CPE23 From Up To
  Apache Activemq 5.7.0 and prior versions cpe:2.3:a:apache:activemq <= 5.7.0
  Apache Axis 1.4 and prior versions cpe:2.3:a:apache:axis <= 1.4
  Apache Axis Alpha1 cpe:2.3:a:apache:axis:-:alpha1
  Apache Axis Alpha2 cpe:2.3:a:apache:axis:-:alpha2
  Apache Axis Alpha3 cpe:2.3:a:apache:axis:-:alpha3
  Apache Axis Beta1 cpe:2.3:a:apache:axis:-:beta1
  Apache Axis Beta2 cpe:2.3:a:apache:axis:-:beta2
  Apache Axis Beta3 cpe:2.3:a:apache:axis:-:beta3
  Apache Axis 1.0 cpe:2.3:a:apache:axis:1.0
  Apache Axis 1.0 Beta cpe:2.3:a:apache:axis:1.0:beta
  Apache Axis 1.0 Rc1 cpe:2.3:a:apache:axis:1.0:rc1
  Apache Axis 1.0 Rc2 cpe:2.3:a:apache:axis:1.0:rc2
  Apache Axis 1.1 cpe:2.3:a:apache:axis:1.1
  Apache Axis 1.1 Beta cpe:2.3:a:apache:axis:1.1:beta
  Apache Axis 1.1 Rc1 cpe:2.3:a:apache:axis:1.1:rc1
  Apache Axis 1.1 Rc2 cpe:2.3:a:apache:axis:1.1:rc2
  Apache Axis 1.2 cpe:2.3:a:apache:axis:1.2
  Apache Axis 1.2 Alpha cpe:2.3:a:apache:axis:1.2:alpha
  Apache Axis 1.2 Beta1 cpe:2.3:a:apache:axis:1.2:beta1
  Apache Axis 1.2 Beta2 cpe:2.3:a:apache:axis:1.2:beta2
  Apache Axis 1.2 Beta3 cpe:2.3:a:apache:axis:1.2:beta3
  Apache Axis 1.2 Rc1 cpe:2.3:a:apache:axis:1.2:rc1
  Apache Axis 1.2 Rc2 cpe:2.3:a:apache:axis:1.2:rc2
  Apache Axis 1.2 Rc3 cpe:2.3:a:apache:axis:1.2:rc3
  Apache Axis 1.2.1 cpe:2.3:a:apache:axis:1.2.1
  Apache Axis 1.3 cpe:2.3:a:apache:axis:1.3
  Paypal Mass Pay cpe:2.3:a:paypal:mass_pay:-
  Paypal Payments Pro cpe:2.3:a:paypal:payments_pro:-
  Paypal Transactional Information Soap cpe:2.3:a:paypal:transactional_information_soap:-