Description
Moneris eSelectPlus 2.03 PHP API does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Analysis and contextual insights are available on OpenCVE Cloud.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2011-5136 | Moneris eSelectPlus 2.03 PHP API does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. |
References
| Link | Providers |
|---|---|
| http://www.unrest.ca/peerjacking |
|
History
No history.
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-09-17T00:42:10.141Z
Reserved: 2012-11-06T00:00:00.000Z
Link: CVE-2011-5236
No data.
Status : Modified
Published: 2012-11-06T12:21:26.713
Modified: 2026-06-16T23:36:12.047
Link: CVE-2011-5236
No data.
OpenCVE Enrichment
No data.
Weaknesses
EUVD