CVE

Id
5252  
CVE No.
CVE-2002-0862  
Status
Candidate  
Description
The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.  
Phase
Modified (20061101)  
Votes
ACCEPT(3) Cole, Green, Wall | NOOP(2) Christey, Cox  
Comments
Christey> Note: CVE-2002-0828 is an earlier discovery of this candidate. | That candidate will be REJECTED in favor of this one, | which comes from a more authoritative source and is | more accurate.  

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
28063 5252 CVE-2002-0862 BUGTRAQ:20020805 IE SSL Vulnerability  View
28064 5252 CVE-2002-0862 URL:http://marc.info/?l=bugtraq&m=102866120821995&w=2  View
28065 5252 CVE-2002-0862 BUGTRAQ:20020812 IE SSL Exploit  View
28066 5252 CVE-2002-0862 URL:http://marc.info/?l=bugtraq&m=102918200405308&w=2  View
28067 5252 CVE-2002-0862 BUGTRAQ:20020819 Insufficient Verification of Client Certificates in IIS 5.0 pre sp3  View
28068 5252 CVE-2002-0862 URL:http://marc.info/?l=bugtraq&m=102976967730450&w=2  View
28069 5252 CVE-2002-0862 MS:MS02-050  View
28070 5252 CVE-2002-0862 URL:http://www.microsoft.com/technet/security/bulletin/ms02-050.asp  View
28071 5252 CVE-2002-0862 OVAL:oval:org.mitre.oval:def:1056  View
28072 5252 CVE-2002-0862 URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1056  View
28073 5252 CVE-2002-0862 OVAL:oval:org.mitre.oval:def:1332  View
28074 5252 CVE-2002-0862 URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1332  View
28075 5252 CVE-2002-0862 OVAL:oval:org.mitre.oval:def:2671  View
28076 5252 CVE-2002-0862 URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2671  View
28077 5252 CVE-2002-0862 XF:ssl-ca-certificate-spoofing(9776)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
63885 JVNDB-2002-000212 Microsoft Windows における電子証明書を偽装される脆弱性 Microsoft Windows には、CryptoAPI の実装に不備があり、X.509 証明書の Basic Constraints 領域の確認を十分に行わないため、ルート認証局が信頼できるものであれば、その証明書を信頼してしまう脆弱性が存在します。この脆弱性により、Microsoft Windows が実装する CryptoAPI を使用する全てのアプリケーションが影響を受けます。 CVE-2002-0862 5252 7.5 http://jvndb.jvn.jp/ja/contents/2002/JVNDB-2002-000212.html  View