Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5806


Vulnerability Score 5.8 5.8
CVE Id CVE-2012-5806
Last Modified 06 Nov 2012 12:00:00
Published 04 Nov 2012 05:55:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function, a different vulnerability than CVE-2012-5805.

Vulnerable Systems


  • Paypal Payments Pro -

  • Zen-cart Zen Cart -



Last Updated: 27 May 2016 10:49:49