CVE-2002-0862
Microsoft Internet Explorer 5/6 / Konqueror 2.2.2/3.0 / Weblogic Server 5/6/7 - Invalid X.509 Certificate Chain
Public Exploits: 1
Exploited in Wild: -
Descriptions
The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.
SSVC
- Decision:-
Timeline
- 2002-08-06 First Exploit
- 2002-08-15 CVE Reserved
- 2002-09-10 CVE Published
- 2024-02-09 EPSS Updated
- 2024-08-08 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-295: Improper Certificate Validation
References (9)
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/21692 | 2002-08-06 | |
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-050 | 2024-02-09 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Microsoft | Internet Explorer | - | - | Affected | in | Apple | Macos | - | - | Safe |
Microsoft | Office | - | - | Affected | in | Apple | Macos | - | - | Safe |
Microsoft | Outlook Express | - | - | Affected | in | Apple | Macos | - | - | Safe |
Microsoft | Windows 2000 | - | - | Affected | | | | | | |
Microsoft | Windows 98 | - | - | Affected | | | | | | |
Microsoft | Windows 98se | - | - | Affected | | | | | | |
Microsoft | Windows Me | - | - | Affected | | | | | | |
Microsoft | Windows Nt | 4.0 | - | Affected | | | | | | |
Microsoft | Windows Nt | 4.0 | terminal_server | Affected | | | | | | |
Microsoft | Windows Xp | - | - | Affected | | | | | | |