Substitution of SSL certificates
Vulnerability: Substitution of SSL certificates PayPal SDK
Danger: Low
Availability of fixes: Insturktsii to eliminate
Quantity of vulnerabilities: 1
CVE ID: CVE-2012-5787
Vector operation: Remote
Impact: Spoofing attack
Affected products: PayPal SDK
Affected versions: PayPal SDK
Description:
Which can be exploited by malicious people to conduct spoofing attacks.
Manufacturer URL: https://github.com/paypal
Solution: The way to eliminate the vulnerability does not exist at present.
Links:
https://github.com/paypal/SDKs/commit/5f2d6dd77fb4211dcde34e36f1864234526c5d64
Vulnerability: Substitution of SSL certificates in Amazon Web Services SDK
Danger: Low
Quantity of vulnerabilities: 1
CVE ID: CVE-2012-5780
Vector operation: Remote
Impact: Spoofing attack
Affected products: Amazon Web Services SDK
Affected versions: Amazon Web Services SDK
Description:
Which can be exploited by malicious people to conduct spoofing attacks.
Manufacturer URL: https://github.com/amazonwebservices
Vulnerability: Substitution of SSL certificates in Apache Axis
Danger: Low
Quantity of vulnerabilities: 1
CVE ID:
– CVE-2012-5784
– CVE-2012-5785
Vector operation: Remote
Impact: Spoofing attack
Affected products: Apache Axis 1.x
Affected versions:
– Apache Axis 1.4
– Apache Axis2/Java 1.6.2
Description:
Which can be exploited by malicious people to conduct spoofing attacks.
The vulnerability exists because the application does not associate the name of the server domain name listed in the Common Name (CN) field and the subjectAltName certificate X.509. This can be exploited to fake SSL certificate and make an attack “man in the middle.”
Manufacturer URL: http://ws.apache.org/axis/
Solution: The way to eliminate the vulnerability does not exist at present.
