Improper input validation in Lincolnloop Authorize.net_echeck_module
CVE-2012-5807
The Authorize.Net eCheck module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoo…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.006 (42.4th percentile) — read the EPSS interpretation.
Affected products
- Lincolnloop Authorize.net_echeck_module
- Zen-cart Zen_cart
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (Exploit, x_refsource_MISC)