Vulnerability Description
The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ebay | Paypal | <= 3.0 |
| Apple | Iphone Os | 3.1 |
Related Weaknesses (CWE)
References
- http://itunes.apple.com/us/app/paypal/id283646709
- http://news.cnet.com/8301-27080_3-20021730-245.html
- http://online.wsj.com/article/SB10001424052748703506904575592782874885808.html
- http://viaforensics.com/press-releases/viaforensics-uncovers-paypal-application-
- http://viaforensics.com/security/viaforensics-uncovers-significant-vulnerability
- http://www.securityfocus.com/bid/44657
- http://www.vupen.com/english/advisories/2010/2887Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/63002
- http://itunes.apple.com/us/app/paypal/id283646709
- http://news.cnet.com/8301-27080_3-20021730-245.html
- http://online.wsj.com/article/SB10001424052748703506904575592782874885808.html
- http://viaforensics.com/press-releases/viaforensics-uncovers-paypal-application-
- http://viaforensics.com/security/viaforensics-uncovers-significant-vulnerability
- http://www.securityfocus.com/bid/44657
- http://www.vupen.com/english/advisories/2010/2887Vendor Advisory
FAQ
What is CVE-2010-4211?
CVE-2010-4211 is a vulnerability with a CVSS score of 2.9 (LOW). The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal ...
How severe is CVE-2010-4211?
CVE-2010-4211 has been rated LOW with a CVSS base score of 2.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-4211?
Check the references section above for vendor advisories and patch information. Affected products include: Ebay Paypal, Apple Iphone Os.