CVE-2012-5817 in Amazon and Codehaus Products
Published on November 4, 2012

Codehaus XFire 1.2.6 and earlier, as used in the Amazon EC2 API Tools Java library and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

NVD

Products Associated with CVE-2012-5817

stack.watch emails you whenever new vulnerabilities are published in Amazon Ec2 Api Tools Java Library or Codehaus Xfire. Just hit a watch button to start following.

Amazon Ec2 Api Tools Java Library

Codehaus Xfire

Exploit Probability

EPSS

0.13%

Percentile

32.65%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2012-5817 in Amazon and Codehaus ProductsPublished on November 4, 2012

Products Associated with CVE-2012-5817

Exploit Probability

CVE-2012-5817 in Amazon and Codehaus Products
Published on November 4, 2012