Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.8
CVE Id CVE-2012-3446
Last Modified 06 Nov 2012 12:00:00
Published 04 Nov 2012 05:55:03
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-3446

Summary

Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.

Vulnerable Systems

Application

  • Apache Libcloud 0.10.1

  • Apache Libcloud 0.11.0

  • Apache Libcloud 0.2.0

  • Apache Libcloud 0.3.0

  • Apache Libcloud 0.3.1

  • Apache Libcloud 0.4.0

  • Apache Libcloud 0.4.2

  • Apache Libcloud 0.5.0

  • Apache Libcloud 0.5.2

  • Apache Libcloud 0.6.0

  • Apache Libcloud 0.6.1

  • Apache Libcloud 0.6.2

  • Apache Libcloud 0.7.0

  • Apache Libcloud 0.7.1

  • Apache Libcloud 0.8.0

  • Apache Libcloud 0.9.1


References

CONFIRM - https://svn.apache.org/repos/asf/libcloud/trunk/CHANGES

MISC - http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf


Last Updated: 27 May 2016 10:49:50