Improper Certificate Validation vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-11-04 | CVE-2012-5821 | Improper Certificate Validation vulnerability in multiple products: Lynx does not verify that the server's certificate is signed by a trusted certification authority, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate, related to improper use of a certain GnuTLS function. | 5.9 |
2012-11-04 | CVE-2012-5819 | Improper Certificate Validation vulnerability in Filesanywhere: FilesAnywhere does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 7.4 |
2012-11-04 | CVE-2012-5817 | Improper Certificate Validation vulnerability in multiple products: Codehaus XFire 1.2.6 and earlier, as used in the Amazon EC2 API Tools Java library and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 7.4 |
2012-11-04 | CVE-2012-5810 | Improper Certificate Validation vulnerability in Jpmorganchase Chase Mobile: The Chase mobile banking application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to overriding the default X509TrustManager. | 5.9 |
2012-11-04 | CVE-2012-5783 | Improper Certificate Validation vulnerability in multiple products: Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 5.8 |
2012-11-04 | CVE-2012-3446 | Improper Certificate Validation vulnerability in Apache Libcloud: Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate. | 5.9 |
2012-09-25 | CVE-2012-3037 | Improper Certificate Validation vulnerability in Siemens products: The Siemens SIMATIC S7-1200 2.x PLC does not properly protect the private key of the SIMATIC CONTROLLER Certification Authority certificate, which allows remote attackers to spoof the S7-1200 web server by using this key to create a forged certificate. | 4.3 |
2012-09-18 | CVE-2012-2993 | Improper Certificate Validation vulnerability in Microsoft Windows Phone 7 Firmware: Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an arbitrary valid certificate. | 5.9 |
2012-03-30 | CVE-2011-3061 | Improper Certificate Validation vulnerability in Google Chrome: Google Chrome before 18.0.1025.142 does not properly check X.509 certificates before use of a SPDY proxy, which might allow man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate. | 5.8 |
2012-02-16 | CVE-2011-3024 | Improper Certificate Validation vulnerability in Google Chrome: Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service (application crash) via an empty X.509 certificate. | 4.3 |