Unrated severityNVD Advisory· Published Nov 6, 2012· Updated Apr 29, 2026
CVE-2011-5242
CVE-2011-5242
Description
tmhOAuth before 0.61 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Affected products
17cpe:2.3:a:themattharris:tmhoauth:*:*:*:*:*:*:*:*+ 16 more
- cpe:2.3:a:themattharris:tmhoauth:*:*:*:*:*:*:*:*range: <=0.60
- cpe:2.3:a:themattharris:tmhoauth:0.11:*:*:*:*:*:*:*
- cpe:2.3:a:themattharris:tmhoauth:0.12:*:*:*:*:*:*:*
- cpe:2.3:a:themattharris:tmhoauth:0.13:*:*:*:*:*:*:*
- cpe:2.3:a:themattharris:tmhoauth:0.14:*:*:*:*:*:*:*
- cpe:2.3:a:themattharris:tmhoauth:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:themattharris:tmhoauth:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:themattharris:tmhoauth:0.4:*:*:*:*:*:*:*
- cpe:2.3:a:themattharris:tmhoauth:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:themattharris:tmhoauth:0.51:*:*:*:*:*:*:*
- cpe:2.3:a:themattharris:tmhoauth:0.52:*:*:*:*:*:*:*
- cpe:2.3:a:themattharris:tmhoauth:0.53:*:*:*:*:*:*:*
- cpe:2.3:a:themattharris:tmhoauth:0.54:*:*:*:*:*:*:*
- cpe:2.3:a:themattharris:tmhoauth:0.55:*:*:*:*:*:*:*
- cpe:2.3:a:themattharris:tmhoauth:0.56:*:*:*:*:*:*:*
- cpe:2.3:a:themattharris:tmhoauth:0.57:*:*:*:*:*:*:*
- cpe:2.3:a:themattharris:tmhoauth:0.58:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.