CVSS: 6.8EPSS: 15%CPEs: 11EXPL: 1CVE-2002-0862 – Microsoft Internet Explorer 5/6 / Konqueror 2.2.2/3.0 / Weblogic Server 5/6/7 - Invalid X.509 Certificate Chain
https://notcve.org/view.php?id=CVE-2002-0862
The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS. Las APIs (Application Programming Interface) CertGetCertificateChain CertVerifyCertificateChainPolicy WinVerifyTrust en la CriptoAPI de productos de Microsoft, incluyendo Microsoft Windows 98 a XP, Office para Mac, Internet Explorer para Mac, y Outlook Express para Mac, no verifican adecuadamente las restricciones básicas de certificados X.509 firmados por CAs (Autoridad Certificadora) intermedias, lo que permite a atacantes remotos falsear los certificados de sitios de confianza mediante un ataque tipo hombre-en-el-medio en sesiones SSL, como se informó anteriormente para Internet Explorer e IIS. • https://www.exploit-db.com/exploits/21692 http://marc.info/?l=bugtraq&m=102866120821995&w=2 http://marc.info/?l=bugtraq&m=102918200405308&w=2 http://marc.info/?l=bugtraq&m=102976967730450&w=2 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-050 https://exchange.xforce.ibmcloud.com/vulnerabilities/9776 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1056 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg& • CWE-295: Improper Certificate Validation •
CVSS: 5.0EPSS: 3%CPEs: 6EXPL: 0CVE-2002-0699
https://notcve.org/view.php?id=CVE-2002-0699
Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML. Vulnerabilidad desconocida en el Control ActiveX de Enrolamiento de Certificados (Certificate Enrollment) en Microsoft Windows 98, Windows 98 Segunda Edición, Windows Millenium, Windows NT 4.0, Windows 2000 y Windows XP, permite a atacantes remotos borrar certificados digitales en el sistema de un usuario mediante HTML. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-048 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A190 •
CVSS: 7.5EPSS: 9%CPEs: 30EXPL: 2CVE-2002-0724 – Microsoft Windows XP/2000/NT 4.0 - Network Share Provider SMB Request Buffer Overflow
https://notcve.org/view.php?id=CVE-2002-0724
Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service". • https://www.exploit-db.com/exploits/21746 https://www.exploit-db.com/exploits/21747 http://marc.info/?l=bugtraq&m=103011556323184&w=2 http://www.kb.cert.org/vuls/id/250635 http://www.kb.cert.org/vuls/id/311619 http://www.kb.cert.org/vuls/id/342243 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-045 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A189 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2002-0725
https://notcve.org/view.php?id=CVE-2002-0725
NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file. El sistema de archivos NTFS en Windows NT4.0 y Windows 2000 SP2 permite a atacantes locales ocultar las actividades de uso de ficheros mediante un enlace duro al fichero objetivo, lo que causa la auditoría se haga sobre el enlace y no sobre el fichero objetivo. • http://www.atstake.com/research/advisories/2000/a081602-1.txt http://www.iss.net/security_center/static/9869.php http://www.securityfocus.com/bid/5484 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 10.0EPSS: 82%CPEs: 10EXPL: 4CVE-2002-0391
https://notcve.org/view.php?id=CVE-2002-0391
Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd. • ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-055.0.txt ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-011.txt.asc ftp://patches.sgi.com/support/free/security/advisories/20020801-01-A ftp://patches.sgi.com/support/free/security/advisories/20020801-01-P http://archives.neohapsis.com/archives/aix/2002-q4/0002.html http://archives.neohapsis.com/archives/bugtraq/2002-07/0514.html http://archives.neohapsis.com/archives/hp/2002-q3/0077.html http://bvl • CWE-190: Integer Overflow or Wraparound •