6.8

CVE-2002-0862

The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftWindows 2000 Version-
MicrosoftWindows 98 Version-
MicrosoftWindows 98se Version-
MicrosoftWindows Me Version-
MicrosoftWindows Nt Version4.0 Update- SwEdition-
MicrosoftWindows Nt Version4.0 Update- SwEditionterminal_server
MicrosoftWindows Xp Version-
MicrosoftInternet Explorer Version-
   ApplemacOS Version-
MicrosoftOffice Version-
   ApplemacOS Version-
MicrosoftOutlook Express Version-
   ApplemacOS Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 18.68% 0.969
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://exchange.xforce.ibmcloud.com/vulnerabilities/9776
Third Party Advisory
VDB Entry
http://marc.info/?l=bugtraq&m=102866120821995&w=2
Mailing List
http://marc.info/?l=bugtraq&m=102918200405308&w=2
Mailing List
http://marc.info/?l=bugtraq&m=102976967730450&w=2
Mailing List
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-050
Patch
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1056
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1332
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2671
Broken Link