1. Home
  2. CVE Database
  3. CVE-2012-5781
MEDIUM · 5.8

CVE-2012-5781

Amazon Elastic Load Balancing API Tools does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows ...

Vulnerability Description

Amazon Elastic Load Balancing API Tools does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to overriding the default JDK X509TrustManager.

CVSS Score

5.8

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:N
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
NONE

Affected Products

VendorProductVersions
AmazonElastic Load Balancing-

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2012-5781?

CVE-2012-5781 is a vulnerability with a CVSS score of 5.8 (MEDIUM). Amazon Elastic Load Balancing API Tools does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows ...

How severe is CVE-2012-5781?

CVE-2012-5781 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-5781?

Check the references section above for vendor advisories and patch information. Affected products include: Amazon Elastic Load Balancing.