Lumension® Endpoint Intelligence Center



Vulnerability Score: 5.8
CVE Id: CVE-2012-5789
Last Modified: 07 Feb 2013 12:01:47
Published: 04 Nov 2012 05:55:03
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE



PayPal Payments Standard PHP Library before 20120427 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to intentional disabling of certificate-validation checks through a "FALSE" value.

Vulnerable Systems


  • Paypal Payments Standard -



XF - paypal-payments-ssl-spoofing(79912)

Last Updated: 27 May 2016 10:49:50