x3270 before 3.3.12ga12 does not verify that the server hostname matches a domain name in the subjects Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| X3270 | Paul_mattes | * | 3.3.12 (including) |
| X3270 | Paul_mattes | 3.3.5 (including) | 3.3.5 (including) |
| X3270 | Paul_mattes | 3.3.6 (including) | 3.3.6 (including) |
| X3270 | Paul_mattes | 3.3.7 (including) | 3.3.7 (including) |
| X3270 | Paul_mattes | 3.3.8 (including) | 3.3.8 (including) |
| X3270 | Paul_mattes | 3.3.8-p1 (including) | 3.3.8-p1 (including) |
| X3270 | Paul_mattes | 3.3.8-p2 (including) | 3.3.8-p2 (including) |
| X3270 | Paul_mattes | 3.3.8-p3 (including) | 3.3.8-p3 (including) |
| X3270 | Paul_mattes | 3.3.9-ga11 (including) | 3.3.9-ga11 (including) |
| X3270 | Paul_mattes | 3.3.9-ga12 (including) | 3.3.9-ga12 (including) |
| X3270 | Paul_mattes | 3.3.10-ga3 (including) | 3.3.10-ga3 (including) |
| X3270 | Paul_mattes | 3.3.10-ga4 (including) | 3.3.10-ga4 (including) |
| X3270 | Paul_mattes | 3.3.10-ga5 (including) | 3.3.10-ga5 (including) |
| X3270 | Paul_mattes | 3.3.11-beta2 (including) | 3.3.11-beta2 (including) |
| X3270 | Paul_mattes | 3.3.11-beta4 (including) | 3.3.11-beta4 (including) |
| X3270 | Paul_mattes | 3.3.11-ga6 (including) | 3.3.11-ga6 (including) |
| X3270 | Paul_mattes | 3.3.12-beta6 (including) | 3.3.12-beta6 (including) |
| X3270 | Paul_mattes | 3.3.12-ga10 (including) | 3.3.12-ga10 (including) |
| X3270 | Paul_mattes | 3.3.12-ga7 (including) | 3.3.12-ga7 (including) |