CVE-2012-5822

The contribution feature in Zamboni does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the Python urllib2 library.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.4 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
VendorProductVersion
mozillazamboni
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/79929
http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/79929