Vulnerabilities > Amazon > EC2 API Tools Java Library > High

DATE CVE VULNERABILITY TITLE RISK
2012-11-04 CVE-2012-5817 Improper Certificate Validation vulnerability in multiple products
Codehaus XFire 1.2.6 and earlier, as used in the Amazon EC2 API Tools Java library and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
network
high complexity
amazon codehaus CWE-295
7.4