Security Advisory

CVE-2012-2993

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2012-09-18 01:00:00

Last updated 2025-01-16 21:19:22

Assigner certcc

State PUBLISHED

Description

Microsoft Windows Phone 7 does not verify the domain name in the subjects Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an arbitrary valid certificate.

← Browse all CVEs View on cve.org ↗