6.8
CVE-2002-0862
- EPSS 12.51%
- Veröffentlicht 04.10.2002 04:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Windows 2000 Version-
Microsoft ≫ Windows 98 Version-
Microsoft ≫ Windows 98se Version-
Microsoft ≫ Windows Me Version-
Microsoft ≫ Windows Nt Version4.0 Update- SwEdition-
Microsoft ≫ Windows Nt Version4.0 Update- SwEditionterminal_server
Microsoft ≫ Windows Xp Version-
Microsoft ≫ Internet Explorer Version-
Microsoft ≫ Outlook Express Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 12.51% | 0.937 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.