Substitution of SSL certificates

Posted: November 13, 2012 in Vulnerabilities


Vulnerability: Substitution of SSL certificates in PayPal SDK

Severity: Low
Availability of fixes: Remediation instructions
Number of vulnerabilities: 1

CVE ID: CVE-2012-5787
Attack vector: Remote
Impact: Spoofing attack

Affected products: PayPal SDK

Affected versions: PayPal SDK

Description:

The vulnerability can be exploited by malicious people to conduct spoofing attacks.

Manufacturer URL: https://github.com/paypal

Solution: No way to eliminate the vulnerability exists at present.

Links:
https://github.com/paypal/SDKs/commit/5f2d6dd77fb4211dcde34e36f1864234526c5d64

Vulnerability: Substitution of SSL certificates in Amazon Web Services SDK

Severity: Low
Number of vulnerabilities: 1

CVE ID: CVE-2012-5780
Attack vector: Remote
Impact: Spoofing attack

Affected products: Amazon Web Services SDK

Affected versions: Amazon Web Services SDK

Description:

The vulnerability can be exploited by malicious people to conduct spoofing attacks.

Manufacturer URL: https://github.com/amazonwebservices

Vulnerability: Substitution of SSL certificates in Apache Axis

Severity: Low
Number of vulnerabilities: 1

CVE ID:

– CVE-2012-5784
– CVE-2012-5785

Attack vector: Remote
Impact: Spoofing attack

Affected products: Apache Axis 1.x

Affected versions:
– Apache Axis 1.4
– Apache Axis2/Java 1.6.2

Description:

The vulnerability can be exploited by malicious people to conduct spoofing attacks.

The vulnerability exists because the application does not check that the server's domain name matches the name listed in the Common Name (CN) field or the subjectAltName field of the X.509 certificate. This can be exploited to spoof an SSL certificate and conduct a man-in-the-middle attack.
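
As an added example (not code from this advisory or from Apache Axis), the missing check can be written in Python over a certificate dictionary shaped like the output of `ssl.SSLSocket.getpeercert()`. The function names and sample certificates are constructed for illustration; only DNS names are handled, and chain validation is assumed to have already succeeded.

```python
# Added example: the hostname check described above, over a dict shaped like
# ssl.SSLSocket.getpeercert() output. All names and certificates are constructed.

def name_matches(pattern: str, host: str) -> bool:
    """Case-insensitive comparison of one certificate name with the host.
    A wildcard is accepted only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or any("*" in label for label in p[1:]):
        return False
    if p[0] == "*":
        # At least two fixed labels, so "*.com" never matches anything.
        return len(p) >= 3 and bool(h[0]) and p[1:] == h[1:]
    return "*" not in p[0] and p == h

def verify_hostname(cert: dict, host: str) -> bool:
    """True only if the certificate names `host`. subjectAltName dNSName
    entries take precedence; CN is a fallback when none are present."""
    if not host:
        return False
    dns = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if dns:
        return any(name_matches(n, host) for n in dns)
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn
           if k == "commonName"]
    return any(name_matches(cn, host) for cn in cns)

# Constructed certificates; each is assumed to chain to a trusted CA.
CERT_SHOP = {
    "subject": ((("commonName", "shop.example.com"),),),
    "subjectAltName": (("DNS", "shop.example.com"),
                       ("DNS", "*.pay.example.com")),
}
CERT_UNRELATED = {  # valid, but issued for a different site
    "subject": ((("commonName", "unrelated.example.net"),),),
    "subjectAltName": (("DNS", "unrelated.example.net"),),
}
CERT_CN_ONLY = {"subject": ((("commonName", "legacy.example.org"),),)}
CERT_CN_DECOY = {  # CN names the shop, SAN does not: SAN decides
    "subject": ((("commonName", "shop.example.com"),),),
    "subjectAltName": (("DNS", "unrelated.example.net"),),
}

if __name__ == "__main__":
    for label, cert in [("shop", CERT_SHOP), ("unrelated", CERT_UNRELATED),
                        ("cn-decoy", CERT_CN_DECOY)]:
        ok = verify_hostname(cert, "shop.example.com")
        print(f"{label:10} -> {'accept' if ok else 'reject'}")
```

A client that validates only the certificate chain would accept `CERT_UNRELATED` for `shop.example.com`; with the name check in place it is rejected.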

Manufacturer URL: http://ws.apache.org/axis/

Solution: No way to eliminate the vulnerability exists at present.

Links:
http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
