Sagepay

sagepay

1 CVE • 1 product

Products (1)

Click to collapse

Toggle

Sage Pay Direct Module

sage_pay_direct_module

1 CVE

CVEs (1)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2012-5792 2Oscommerce Sagepay 2Oscommerce Sage Pay Direct Module Apr 29, 2026 Nov 4, 2012 N/A· v4 N/A· v3 5.8 MEDIUM· v2 The Sage Pay Direct module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle a...Show more The Sage Pay Direct module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2012-5792

2Oscommerce

Sagepay

2Oscommerce

Sage Pay Direct Module

Apr 29, 2026

Nov 4, 2012

N/A· v4

N/A· v3

5.8 MEDIUM· v2

The Sage Pay Direct module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle a...Show more