CVE-2011-5242

tmhOAuth before 0.61 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:themattharris:tmhoauth:0.2:*:*:*:*:*:*:*
cpe:2.3:a:themattharris:tmhoauth:0.14:*:*:*:*:*:*:*
cpe:2.3:a:themattharris:tmhoauth:0.13:*:*:*:*:*:*:*
cpe:2.3:a:themattharris:tmhoauth:0.12:*:*:*:*:*:*:*
cpe:2.3:a:themattharris:tmhoauth:*:*:*:*:*:*:*:*
cpe:2.3:a:themattharris:tmhoauth:0.57:*:*:*:*:*:*:*
cpe:2.3:a:themattharris:tmhoauth:0.5:*:*:*:*:*:*:*
cpe:2.3:a:themattharris:tmhoauth:0.3:*:*:*:*:*:*:*
cpe:2.3:a:themattharris:tmhoauth:0.11:*:*:*:*:*:*:*
cpe:2.3:a:themattharris:tmhoauth:0.55:*:*:*:*:*:*:*
cpe:2.3:a:themattharris:tmhoauth:0.54:*:*:*:*:*:*:*
cpe:2.3:a:themattharris:tmhoauth:0.4:*:*:*:*:*:*:*
cpe:2.3:a:themattharris:tmhoauth:0.56:*:*:*:*:*:*:*
cpe:2.3:a:themattharris:tmhoauth:0.52:*:*:*:*:*:*:*
cpe:2.3:a:themattharris:tmhoauth:0.51:*:*:*:*:*:*:*
cpe:2.3:a:themattharris:tmhoauth:0.53:*:*:*:*:*:*:*
cpe:2.3:a:themattharris:tmhoauth:0.58:*:*:*:*:*:*:*

Information

Published : 2012-11-06 04:21

Updated : 2012-11-06 04:21


NVD link : CVE-2011-5242

Mitre link : CVE-2011-5242


JSON object : View

CWE
CWE-20

Improper Input Validation

Advertisement

dedicated server usa

Products Affected

themattharris

  • tmhoauth