CVE-2012-5583

EPSS 0.15%

Published: 6/6/2014Modified: 4/28/2026

Description

phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Affected packages (1)

Debian/php-casfrom 0, < 1.3.1-2

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2012-5583