Unrated severityNVD Advisory· Published Nov 4, 2012· Updated Jun 16, 2026
CVE-2012-5788
CVE-2012-5788
Description
The PayPal IPN utility does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function.
Affected products
2Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.