SSL Spoofing Vulnerability in Sage Pay Direct Module for osCommerce
CVE-2012-5792

Currently unrated

Key Information:

Vendor: osCommerce

CVE Published: 4 November 2012

What is CVE-2012-5792?

The Sage Pay Direct module in osCommerce does not adequately verify SSL certificates: it fails to check that the server hostname matches a domain name in the certificate's Common Name (CN) or subjectAltName fields. As a result, a man-in-the-middle attacker can use any valid SSL certificate to impersonate legitimate servers and potentially intercept sensitive data exchanged between users and websites.
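The missing check, modelled as an added Python example (not code from the osCommerce module or from this page): a chain-only acceptance decision beside one that also matches the hostname against the subjectAltName DNS entries, falling back to the CN only when none exist. The function names, the `gateway.payments.example` endpoint and the certificate dicts are assumptions constructed for illustration; IP-address and internationalized names are not handled.

```python
# Added example. Certificate dicts follow the layout returned by
# ssl.SSLSocket.getpeercert(); every name and certificate here is constructed.

def name_matches(pattern, host):
    """Compare one certificate DNS name with the hostname the client dialled."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False                      # a wildcard never spans several labels
    if p[0] == "*":
        # wildcard only as the whole left-most label, never "*.tld"
        return len(p) >= 3 and p[1:] == h[1:]
    return "*" not in pattern and p == h

def presented_names(cert):
    """DNS subjectAltName entries; the CN is used only when there are none."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def accept_flawed(cert, chain_ok, hostname):
    # The flaw class described above: chain validity alone decides,
    # the hostname is never consulted.
    return chain_ok

def accept_hardened(cert, chain_ok, hostname):
    # Chain validity AND a name in the certificate matching the hostname.
    return chain_ok and any(name_matches(n, hostname)
                            for n in presented_names(cert))

GATEWAY = "gateway.payments.example"      # hypothetical payment endpoint
CERT_GATEWAY = {"subject": ((("commonName", GATEWAY),),),
                "subjectAltName": (("DNS", GATEWAY),)}
CERT_OTHER = {"subject": ((("commonName", "www.unrelated.example"),),),
              "subjectAltName": (("DNS", "www.unrelated.example"),
                                 ("DNS", "*.unrelated.example"))}
CERT_CN_ONLY = {"subject": ((("commonName", GATEWAY),),)}

if __name__ == "__main__":
    for label, cert in (("gateway cert", CERT_GATEWAY),
                        ("unrelated valid cert", CERT_OTHER),
                        ("CN-only gateway cert", CERT_CN_ONLY)):
        print(label, "| flawed:", accept_flawed(cert, True, GATEWAY),
              "| hardened:", accept_hardened(cert, True, GATEWAY))
```

In deployed code the TLS library's built-in hostname verification should be enabled rather than replaced by a hand-written matcher; the block only makes the skipped step visible.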

Timeline

  • Vulnerability published

  • Vulnerability Reserved