Description
Moneris eSelectPlus 2.03 PHP API does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Published: 2012-11-06
Score: 5.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2011-5136 Moneris eSelectPlus 2.03 PHP API does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
References
History

No history.

Subscriptions

Moneris Eselect Plus
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-09-17T00:42:10.141Z

Reserved: 2012-11-06T00:00:00.000Z

Link: CVE-2011-5236

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2012-11-06T12:21:26.713

Modified: 2026-06-16T23:36:12.047

Link: CVE-2011-5236

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses