Security Advisory

CVE-2010-4211

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2010-11-08 23:00:00

Last updated 2024-08-07 03:34:37

Assigner mitre

State PUBLISHED

Description

The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate.

← Browse all CVEs View on cve.org ↗