x3270 CVE-2012-5662 SSL Certificate Validation Security Bypass Vulnerability
BID:58627
Info
| Bugtraq ID: | 58627 |
| Class: | Design Error |
| CVE: | CVE-2012-5662 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 20 2012 12:00AM |
| Updated: | Dec 20 2012 12:00AM |
| Credit: | Florian Weimer of the Red Hat Product Security Team. |
| Vulnerable: | Paul Mattes x3270 3.3.12ga11 |
| Not Vulnerable: | Paul Mattes x3270 3.3.12ga12 |
Discussion
x3270 is prone to a security-bypass vulnerability because the application fails to properly validate SSL certificates received from the server.
Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.
Exploit / POC
An attacker can use readily available network utilities to exploit this issue.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References:
- Bug 889373 - (CVE-2012-5662) CVE-2012-5662 x3270: does not properly validate SSL (Red Hat Bugzilla)
- Changes in version 3.3.12ga12, 20. March 2013 (Paul Mattes)
- x3270 Homepage (Paul Mattes)