CVE-2012-6153

Public on 2014-09-04

Modified on 2014-09-19

Description

It was found that the fix for CVE-2012-5783 was incomplete: the code added to check that the server host name matches the domain name in a subject's Common Name (CN) field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate.

Severity

Important

See what this means

CVSS v3 Base Score

5.8

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 1	jakarta-commons-httpclient	2014-09-17 21:47	ALAS-2014-410

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv2	5.8	AV:N/AC:M/Au:N/C:P/I:P/A:N
NVD	CVSSv2	4.3	AV:N/AC:M/Au:N/C:N/I:P/A:N

References

Red Hat: CVE-2012-6153 Mitre: CVE-2012-6153 FAQs regarding Amazon Linux ALAS/CVE Severity