CVE-2012-6087

CVSS 5.8 - MEDIUM
Description

repository/s3/S3.php in the Amazon S3 library in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to an incorrect CURLOPT_SSL_VERIFYHOST value.

Affected Products
29
Vendor Product Version
moodle moodle All versions
moodle moodle 2.2.0
moodle moodle 2.2.1
moodle moodle 2.2.2
moodle moodle 2.2.3
moodle moodle 2.2.4
moodle moodle 2.2.5
moodle moodle 2.2.6
moodle moodle 2.2.7
moodle moodle 2.2.8
moodle moodle 2.2.9
moodle moodle 2.2.10
moodle moodle 2.3.0
moodle moodle 2.3.1
moodle moodle 2.3.2
moodle moodle 2.3.3
moodle moodle 2.3.4
moodle moodle 2.3.5
moodle moodle 2.3.6
moodle moodle 2.3.7
moodle moodle 2.3.8
moodle moodle 2.4.0
moodle moodle 2.4.1
moodle moodle 2.4.2
moodle moodle 2.4.3
moodle moodle 2.4.4
moodle moodle 2.4.5
moodle moodle 2.5.0
moodle moodle 2.5.1
References
http://git.moodle.org/gw?p=moodle.git&a=search&h=H...
http://www.openwall.com/lists/oss-security/2013/01...
https://moodle.org/mod/forum/discuss.php?d=238393
http://git.moodle.org/gw?p=moodle.git&a=search&h=H...
http://www.openwall.com/lists/oss-security/2013/01...
https://moodle.org/mod/forum/discuss.php?d=238393
Weakness Types
CWE-20
CVE Information
CVE ID:
CVE-2012-6087
Published:
2013-09-16
Modified:
2026-04-29
CVSS Score:
5.8
Severity:
MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N
Affected Vendors
moodle
Quick Actions
View on NVD Find Similar CVEs
CVSS Severity Scale
0.0 - 3.9 LOW
4.0 - 6.9 MEDIUM
7.0 - 8.9 HIGH
9.0 - 10.0 CRITICAL