Man-in-the-Middle Vulnerability in osCommerce's Authorize.Net Module
CVE-2012-5793

Currently unrated

Key Information:

Vendor: Oscommerce
Status: Oscommerce; Authorize.net
Vendor: CVE Published:; 4 November 2012

What is CVE-2012-5793?

The Authorize.Net module in osCommerce is susceptible to an SSL spoofing vulnerability due to insufficient hostname verification. This flaw allows attackers to exploit man-in-the-middle scenarios by presenting arbitrary valid SSL certificates, circumventing the expected security measures. The module fails to verify that the server hostname aligns with the domain name detailed in the certificate's Common Name (CN) or subjectAltName field, enabling potential attackers to impersonate legitimate servers. This vulnerability poses significant risks to data integrity and privacy for users relying on secure communication.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/79978

vdb-entryx_refsource_XF

http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf

x_refsource_MISC

Timeline

Vulnerability published
Nov 4, 2012
Vulnerability Reserved
Nov 4, 2012

JSON

Oscommerce

What is CVE-2012-5793?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.