6.8
CVE-2002-0862
- EPSS 12.51%
- Published 04.10.2002 04:00:00
- Last modified 03.04.2025 01:03:51
- Source cve@mitre.org
The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.
Data is provided by the National Vulnerability Database (NVD)
Microsoft ≫ Windows 2000, Version: -
Microsoft ≫ Windows 98, Version: -
Microsoft ≫ Windows 98SE, Version: -
Microsoft ≫ Windows Me, Version: -
Microsoft ≫ Windows NT, Version: 4.0, Update: -, SwEdition: -
Microsoft ≫ Windows NT, Version: 4.0, Update: -, SwEdition: terminal_server
Microsoft ≫ Windows XP, Version: -
Microsoft ≫ Internet Explorer, Version: -
Microsoft ≫ Outlook Express, Version: -
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 12.51% | 0.937 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 6.8 | 8.6 | 6.4 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.