CVE-2012-5583

Published: Jun 6, 2014Modified: May 6, 2026

5.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability: 8.6 / Impact: 4.9

Source: NVD

Description

phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Affected (3)

Products: Apereo: Phpcas

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Apereo Phpcas	Up to 1.3.1
Apereo Phpcas	Version 1.3.0
Apereo Phpcas	Version 1.3.0 rc1

Related CWEs

References (6)

http://secunia.com/advisories/51818

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/81208

Source: secalert@redhat.com

https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog

Source: secalert@redhat.com

http://secunia.com/advisories/51818

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/81208

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.