Lumension® Endpoint Intelligence Center



Vulnerability Score 5.8
CVE Id CVE-2012-5817
Last Modified 07 Feb 2013 12:01:52
Published 04 Nov 2012 05:55:04
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



Codehaus XFire 1.2.6 and earlier, as used in the Amazon EC2 API Tools Java library and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Vulnerable Systems


  • Amazon Ec2 Api Tools Java Library -

  • Codehaus Xfire 1.2.4

  • Codehaus Xfire 1.2.5

  • Codehaus Xfire 1.2.6



XF - xfire-ssl-spoofing(79934)

Last Updated: 27 May 2016 10:49:50