Vulnerability in Apereo Phpcas

CVE-2012-5583

phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arb…

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.002 (35.6th percentile) — read the EPSS interpretation.

Affected products

Apereo Phpcas — versions 1.3.0
N/a — versions n/a

Weakness classification (CWE)

CWE-310 — Cryptographic Issues

References

secalert@redhat.com (x_refsource_CONFIRM)
51818 (x_refsource_SECUNIA, third-party-advisory)
phpcas-ssl-certificate-spoofing(81208) (vdb-entry, x_refsource_XF)