What is the severity of CVE-2012-5806?

CVE-2012-5806 is considered a high severity vulnerability due to its potential to allow man-in-the-middle attacks.

How do I fix CVE-2012-5806?

To fix CVE-2012-5806, ensure that the server hostname matches the domain name in the SSL certificate's Common Name or subjectAltName fields.

Which software is affected by CVE-2012-5806?

CVE-2012-5806 affects the PayPal Payments Pro module in Zen Cart.

What kind of attacks can CVE-2012-5806 facilitate?

CVE-2012-5806 can facilitate man-in-the-middle attacks, allowing attackers to spoof SSL servers.

What protections should be in place to mitigate CVE-2012-5806?

To mitigate CVE-2012-5806, use properly configured SSL certificates that validate server hostnames against the Common Name or subjectAltName.

Vulnerability/
CVE-2012-5806

medium

5.8

CWE

4/11/2012

3/10/2022

6/8/2024

CVE-2012-5806: Input Validation

First published: Sun Nov 04 2012(Updated: )

The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function, a different vulnerability than CVE-2012-5805.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
PayPal Payments Pro
Zen-cart Zen Cart

Never miss a vulnerability like this again

Reference Links

http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf

Frequently Asked Questions

What is the severity of CVE-2012-5806?
CVE-2012-5806 is considered a high severity vulnerability due to its potential to allow man-in-the-middle attacks.
How do I fix CVE-2012-5806?
To fix CVE-2012-5806, ensure that the server hostname matches the domain name in the SSL certificate's Common Name or subjectAltName fields.
Which software is affected by CVE-2012-5806?
CVE-2012-5806 affects the PayPal Payments Pro module in Zen Cart.
What kind of attacks can CVE-2012-5806 facilitate?
CVE-2012-5806 can facilitate man-in-the-middle attacks, allowing attackers to spoof SSL servers.
What protections should be in place to mitigate CVE-2012-5806?
To mitigate CVE-2012-5806, use properly configured SSL certificates that validate server hostnames against the Common Name or subjectAltName.

collector/nvd-index
agent/type
agent/first-publish-date
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/references
agent/weakness
agent/author
agent/tags
agent/description
agent/event
agent/source
vendor/paypal
canonical/paypal payments pro
vendor/zen-cart
canonical/zen-cart zen cart

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2012-5806?
CVE-2012-5806 is considered a high severity vulnerability due to its potential to allow man-in-the-middle attacks.
How do I fix CVE-2012-5806?
To fix CVE-2012-5806, ensure that the server hostname matches the domain name in the SSL certificate's Common Name or subjectAltName fields.
Which software is affected by CVE-2012-5806?
CVE-2012-5806 affects the PayPal Payments Pro module in Zen Cart.
What kind of attacks can CVE-2012-5806 facilitate?
CVE-2012-5806 can facilitate man-in-the-middle attacks, allowing attackers to spoof SSL servers.
What protections should be in place to mitigate CVE-2012-5806?
To mitigate CVE-2012-5806, use properly configured SSL certificates that validate server hostnames against the Common Name or subjectAltName.