Cisco WebEx 4.1 on iOS does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, aka Bug ID CSCud94176.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
http://secunia.com/advisories/51412 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2013-05-27T14:00:00Z
Updated: 2024-09-16T22:25:14.412Z
Reserved: 2012-12-16T00:00:00Z
Link: CVE-2012-6399
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2013-05-27T14:55:01.037
Modified: 2013-05-28T04:00:00.000
Link: CVE-2012-6399
Redhat
No data.