1. Home
  2. CVE Database
  3. CVE-2012-5799
MEDIUM · 5.8

CVE-2012-5799

The Canada Post (aka CanadaPost) module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate,...

Vulnerability Description

The Canada Post (aka CanadaPost) module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function.

CVSS Score

5.8

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:N
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
NONE

Affected Products

VendorProductVersions
PrestashopPrestashop-
Presto-ChangeoCanadapost-

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2012-5799?

CVE-2012-5799 is a vulnerability with a CVSS score of 5.8 (MEDIUM). The Canada Post (aka CanadaPost) module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate,...

How severe is CVE-2012-5799?

CVE-2012-5799 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-5799?

Check the references section above for vendor advisories and patch information. Affected products include: Prestashop Prestashop, Presto-Changeo Canadapost.