Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1407


Vulnerability Score 7.5 7.5
CVE Id CVE-2002-1407
Last Modified 07 Mar 2011 09:10:05
Published 11 Apr 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



TinySSL 1.02 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack.

Vulnerable Systems


  • Adam Megacz Tinyssl 1.0.2


BID - 5410

BUGTRAQ - 20020805 IE SSL Vulnerability

BUGTRAQ - 20020810 TinySSL Vendor Statement: Basic Constraints Vulnerability

XF - ssl-ca-certificate-spoofing(9776)

Last Updated: 27 May 2016 10:37:19