CVE-2012-5583

描述

phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

受影響套件(1)

• Debian/php-casfrom 0, < 1.3.1-2

參考連結(1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2012-5583