Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1407

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-1407
Last Modified 07 Mar 2011 09:10:05
Published 11 Apr 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1407

Summary

TinySSL 1.02 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack.

Vulnerable Systems

Application

  • Adam Megacz Tinyssl 1.0.2


References

BID - 5410

BUGTRAQ - 20020805 IE SSL Vulnerability

BUGTRAQ - 20020810 TinySSL Vendor Statement: Basic Constraints Vulnerability

XF - ssl-ca-certificate-spoofing(9776)


Last Updated: 27 May 2016 10:37:19