Unrated severityNVD Advisory· Published May 27, 2014· Updated May 6, 2026
CVE-2012-5662
CVE-2012-5662
Description
x3270 before 3.3.12ga12 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Affected products
19cpe:2.3:a:paul_mattes:x3270:3.3.10:ga3:*:*:*:*:*:*+ 18 more
- cpe:2.3:a:paul_mattes:x3270:3.3.10:ga3:*:*:*:*:*:*
- cpe:2.3:a:paul_mattes:x3270:3.3.10:ga4:*:*:*:*:*:*
- cpe:2.3:a:paul_mattes:x3270:3.3.10:ga5:*:*:*:*:*:*
- cpe:2.3:a:paul_mattes:x3270:3.3.11:beta2:*:*:*:*:*:*
- cpe:2.3:a:paul_mattes:x3270:3.3.11:beta4:*:*:*:*:*:*
- cpe:2.3:a:paul_mattes:x3270:3.3.11:ga6:*:*:*:*:*:*
- cpe:2.3:a:paul_mattes:x3270:3.3.12:beta6:*:*:*:*:*:*
- cpe:2.3:a:paul_mattes:x3270:3.3.12:ga10:*:*:*:*:*:*
- cpe:2.3:a:paul_mattes:x3270:3.3.12:ga7:*:*:*:*:*:*
- cpe:2.3:a:paul_mattes:x3270:3.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:paul_mattes:x3270:3.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:paul_mattes:x3270:3.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:paul_mattes:x3270:3.3.8:-:*:*:*:*:*:*
- cpe:2.3:a:paul_mattes:x3270:3.3.8:p1:*:*:*:*:*:*
- cpe:2.3:a:paul_mattes:x3270:3.3.8:p2:*:*:*:*:*:*
- cpe:2.3:a:paul_mattes:x3270:3.3.8:p3:*:*:*:*:*:*
- cpe:2.3:a:paul_mattes:x3270:3.3.9:ga11:*:*:*:*:*:*
- cpe:2.3:a:paul_mattes:x3270:3.3.9:ga12:*:*:*:*:*:*
- cpe:2.3:a:paul_mattes:x3270:*:ga11:*:*:*:*:*:*range: <=3.3.12
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5News mentions
0No linked articles in our index yet.