Release date:
Updated on:
Affected Systems:
Amazon Web Services SDK
Description:
--------------------------------------------------------------------------------
Cve id: CVE-2012-5780
Aws sdk for. NET is a solution for developing and building. NET applications.
The Amazon Web Services SDK does not correctly verify that the server host name matches the Domain Name of the CN or subjectAltName field of the X.509 Certificate. Using any valid certificate, attackers can perform man-in-the-middle attacks and fool the SSL server.
<* Source: vendor
Link: http://secunia.com/advisories/51196/
Http://www.cs.utexas.edu /~ Shmat/shmat_ccs12.pdf
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Amazon
------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://www.amazon.com/