Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2002-0862
Last Modified 10 Sep 2008 03:13:02
Published 04 Oct 2002 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0862

Summary

The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.

Vulnerable Systems

Operating System

  • Baltimore Technologies MailSecure

  • KDE 2.2.1

  • KDE 2.2.2

  • KDE 3.0

  • KDE 3.0.1

  • KDE 3.0.2

  • Microsoft Windows 2000

  • Microsoft Windows 2000 Terminal Services

  • Microsoft Windows 98

  • Microsoft Windows 98SE

  • Microsoft Windows Me

  • Microsoft Windows NT 4.0

  • Microsoft Windows XP

Application

  • Adam Megacz TinySSL 1.0.2

  • KDE Konqueror 2.2.2

  • KDE Konqueror 3.0

  • KDE Konqueror 3.0.1

  • KDE Konqueror 3.0.2

  • Microsoft IE 5.0

  • Microsoft IE 5.0.1

  • Microsoft IE 5.5

  • Microsoft IE 6.0

  • Microsoft IE for Macintosh 5.0

  • Microsoft IE for Macintosh 5.1

  • Microsoft IE for Macintosh 5.1.1

  • Microsoft Internet Information Server 5.0

  • Microsoft Office 2001

  • Microsoft Office 98

  • Microsoft Office v. X

  • Microsoft Outlook Express 4.5

  • Microsoft Outlook Express 5.0

  • Microsoft Outlook Express 5.0.1

  • Microsoft Outlook Express 5.0.2

  • Microsoft Outlook Express 5.0.3


References

MS - MS02-050

XF - ssl-ca-certificate-spoofing(9776)

BUGTRAQ - 20020819 Insufficient Verification of Client Certificates in IIS 5.0 pre sp3

BUGTRAQ - 20020812 IE SSL Exploit

BUGTRAQ - 20020805 IE SSL Vulnerability


Last Updated: 27 May 2016 10:37:06