Details of VAR-200304-0077

ID

VAR-200304-0077

CVE

CVE-2002-1407

TITLE

Microsoft Internet Explore SSL Certificate authentication man-in-the-middle attack vulnerability (MS02-050)

Trust: 0.6

sources: CNNVD: CNNVD-200304-084

DESCRIPTION

TinySSL 1.02 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack. A flaw has been reported in the handling of X.509 certificates by a number of products, including several web browsers. It may be possible for a malicious party to create certificates for arbitrary domains, which will be treated as trusted by the vulnerable browser. The flaw lies in the handling of intermediate certificate authorities. Vulnerable products do not require the Basic Constraints field be properly defined. A malicious party with one valid certificate may sign a new certificate for an arbitrary domain. This may allow the attacker to spoof a sensitive domain, or to attempt a man-in-the-middle attack against encrypted communications. This vulnerability was originally reported in Microsoft's Internet Explorer web browser. It has been reported that, in the case of Microsoft Internet Explorer, the flaw lies in some cryptographic functions implemented in the operating system. It should be noted that this flaw has not been reported in the Cryptographic API included with Microsoft Windows. Reports state that IIS 5.0 under Windows 2000 is also vulnerable. In this case, client certificate chains are not properly verified. Attackers may exploit this vulnerability to bypass some authentication schemes. This vulnerability also exists in some versions of KDE and the included Konqueror web browser. Versions 3.0.2 and earlier are vulnerable. ** A report suggests that the patch issued by Microsoft may not fully protect against this vulnerability. It may be possible that a malicious site using an invalid certificate may mislead users into believing that a certificate is expired rather than being invalid. ** UPDATE 11/11/03 - Microsoft has updated their bulletin for this issue. Users who installed Internet Explorer 6 after installing Windows 2000 Service Pack 4 may have reintroduced this issue onto their systems. A new patch is available for users who installed Internet Explorer 6 on Windows 2000 SP4 systems

Trust: 1.17

sources: NVD: CVE-2002-1407 // BID: 5410

AFFECTED PRODUCTS

vendor:	adam megacz	model:	tinyssl	scope:	lte	version:	1.0.2	Trust: 1.0
vendor:	adam megacz	model:	tinyssl	scope:	eq	version:	1.0.2	Trust: 0.6
vendor:	microsoft	model:	windows xp professional sp1	scope:	-	version:	-	Trust: 0.3
vendor:	microsoft	model:	windows xp professional	scope:	-	version:	-	Trust: 0.3
vendor:	microsoft	model:	windows xp home sp1	scope:	-	version:	-	Trust: 0.3
vendor:	microsoft	model:	windows xp home	scope:	-	version:	-	Trust: 0.3
vendor:	microsoft	model:	windows xp 64-bit edition sp1	scope:	-	version:	-	Trust: 0.3
vendor:	microsoft	model:	windows xp 64-bit edition	scope:	-	version:	-	Trust: 0.3
vendor:	microsoft	model:	windows xp	scope:	eq	version:	0	Trust: 0.3
vendor:	microsoft	model:	windows nt workstation sp6a	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt workstation sp6	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt workstation sp5	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt workstation sp4	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt workstation sp3	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt workstation sp2	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt workstation sp1	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt workstation	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt terminal server sp6	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt terminal server sp5	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt terminal server sp4	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt terminal server sp3	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt terminal server sp2	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt terminal server sp1	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt terminal server	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt server sp6a	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt server sp6	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt server sp5	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt server sp4	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt server sp3	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt server sp2	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt server sp1	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt server	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt enterprise server sp6a	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt enterprise server sp6	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt enterprise server sp5	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt enterprise server sp4	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt enterprise server sp3	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt enterprise server sp2	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt enterprise server sp1	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt enterprise server	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt sp6a alpha	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt sp6a	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt sp6 alpha	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt sp6	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt sp5 alpha	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt sp5	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt sp4 alpha	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt sp4	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt sp3 alpha	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt sp3	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt sp2 alpha	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt sp2	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt sp1 alpha	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt sp1	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt alpha	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows nt	scope:	eq	version:	4.0	Trust: 0.3
vendor:	microsoft	model:	windows me	scope:	-	version:	-	Trust: 0.3
vendor:	microsoft	model:	windows 98se	scope:	-	version:	-	Trust: 0.3
vendor:	microsoft	model:	windows	scope:	eq	version:	98	Trust: 0.3
vendor:	microsoft	model:	windows terminal services sp3	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows terminal services sp2	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows terminal services sp1	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows terminal services	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows server sp4	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows server sp3	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows server sp2	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows server sp1	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows server	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows professional sp4	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows professional sp3	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows professional sp2	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows professional sp1	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows professional	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows datacenter server sp4	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows datacenter server sp3	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows datacenter server sp2	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows datacenter server sp1	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows datacenter server	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows advanced server sp4	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows advanced server sp3	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows advanced server sp2	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows advanced server sp1	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows advanced server	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	outlook express for macos	scope:	eq	version:	5.0.3	Trust: 0.3
vendor:	microsoft	model:	outlook express for macos	scope:	eq	version:	5.0.2	Trust: 0.3
vendor:	microsoft	model:	outlook express for macos	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	microsoft	model:	outlook express for macos	scope:	eq	version:	5.0	Trust: 0.3
vendor:	microsoft	model:	outlook express for macos	scope:	eq	version:	4.5	Trust: 0.3
vendor:	microsoft	model:	outlook express	scope:	eq	version:	5.0	Trust: 0.3
vendor:	microsoft	model:	office	scope:	eq	version:	v.x	Trust: 0.3
vendor:	microsoft	model:	office for mac	scope:	eq	version:	98	Trust: 0.3
vendor:	microsoft	model:	office for macintosh sr1	scope:	eq	version:	2001	Trust: 0.3
vendor:	microsoft	model:	office for macintosh	scope:	eq	version:	2001	Trust: 0.3
vendor:	microsoft	model:	internet explorer sp2	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	microsoft	model:	internet explorer sp1	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	6.0	Trust: 0.3
vendor:	microsoft	model:	internet explorer sp2	scope:	eq	version:	5.5	Trust: 0.3
vendor:	microsoft	model:	internet explorer sp1	scope:	eq	version:	5.5	Trust: 0.3
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	5.5	Trust: 0.3
vendor:	microsoft	model:	internet explorer for windows	scope:	eq	version:	5.02000	Trust: 0.3
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	5.0	Trust: 0.3
vendor:	microsoft	model:	iis	scope:	eq	version:	5.0	Trust: 0.3
vendor:	kde	model:	konqueror	scope:	eq	version:	3.0.2	Trust: 0.3
vendor:	kde	model:	konqueror	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	kde	model:	konqueror	scope:	eq	version:	3.0	Trust: 0.3
vendor:	kde	model:	konqueror	scope:	eq	version:	2.2.2	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	3.0.2	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	3.0	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	2.2.2	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	2.2.1	Trust: 0.3
vendor:	bea	model:	systems weblogic server for win32 sp	scope:	eq	version:	7.0.0.12	Trust: 0.3
vendor:	bea	model:	systems weblogic server for win32 sp	scope:	eq	version:	7.0.0.11	Trust: 0.3
vendor:	bea	model:	systems weblogic server for win32	scope:	eq	version:	7.0.0.1	Trust: 0.3
vendor:	bea	model:	systems weblogic server for win32 sp	scope:	eq	version:	7.02	Trust: 0.3
vendor:	bea	model:	systems weblogic server for win32 sp	scope:	eq	version:	7.01	Trust: 0.3
vendor:	bea	model:	systems weblogic server for win32	scope:	eq	version:	7.0	Trust: 0.3
vendor:	bea	model:	systems weblogic server for win32 sp	scope:	eq	version:	6.14	Trust: 0.3
vendor:	bea	model:	systems weblogic server for win32 sp	scope:	eq	version:	6.13	Trust: 0.3
vendor:	bea	model:	systems weblogic server for win32 sp	scope:	eq	version:	6.12	Trust: 0.3
vendor:	bea	model:	systems weblogic server for win32 sp	scope:	eq	version:	6.11	Trust: 0.3
vendor:	bea	model:	systems weblogic server for win32	scope:	eq	version:	6.1	Trust: 0.3
vendor:	bea	model:	systems weblogic server for win32 sp	scope:	eq	version:	5.19	Trust: 0.3
vendor:	bea	model:	systems weblogic server for win32 sp	scope:	eq	version:	5.18	Trust: 0.3
vendor:	bea	model:	systems weblogic server for win32 sp	scope:	eq	version:	5.17	Trust: 0.3
vendor:	bea	model:	systems weblogic server for win32 sp	scope:	eq	version:	5.16	Trust: 0.3
vendor:	bea	model:	systems weblogic server for win32 sp	scope:	eq	version:	5.15	Trust: 0.3
vendor:	bea	model:	systems weblogic server for win32 sp	scope:	eq	version:	5.14	Trust: 0.3
vendor:	bea	model:	systems weblogic server for win32 sp	scope:	eq	version:	5.13	Trust: 0.3
vendor:	bea	model:	systems weblogic server for win32 sp	scope:	eq	version:	5.12	Trust: 0.3
vendor:	bea	model:	systems weblogic server for win32 sp	scope:	eq	version:	5.113	Trust: 0.3
vendor:	bea	model:	systems weblogic server for win32 sp	scope:	eq	version:	5.112	Trust: 0.3
vendor:	bea	model:	systems weblogic server for win32 sp	scope:	eq	version:	5.111	Trust: 0.3
vendor:	bea	model:	systems weblogic server for win32 sp	scope:	eq	version:	5.110	Trust: 0.3
vendor:	bea	model:	systems weblogic server for win32 sp	scope:	eq	version:	5.11	Trust: 0.3
vendor:	bea	model:	systems weblogic server for win32	scope:	eq	version:	5.1	Trust: 0.3
vendor:	bea	model:	systems weblogic server sp	scope:	eq	version:	7.0.0.12	Trust: 0.3
vendor:	bea	model:	systems weblogic server sp	scope:	eq	version:	7.0.0.11	Trust: 0.3
vendor:	bea	model:	systems weblogic server	scope:	eq	version:	7.0.0.1	Trust: 0.3
vendor:	bea	model:	systems weblogic server sp	scope:	eq	version:	7.03	Trust: 0.3
vendor:	bea	model:	systems weblogic server sp	scope:	eq	version:	7.02	Trust: 0.3
vendor:	bea	model:	systems weblogic server sp	scope:	eq	version:	7.01	Trust: 0.3
vendor:	bea	model:	systems weblogic server	scope:	eq	version:	7.0	Trust: 0.3
vendor:	bea	model:	systems weblogic server sp	scope:	eq	version:	6.14	Trust: 0.3
vendor:	bea	model:	systems weblogic server sp	scope:	eq	version:	6.13	Trust: 0.3
vendor:	bea	model:	systems weblogic server sp	scope:	eq	version:	6.12	Trust: 0.3
vendor:	bea	model:	systems weblogic server sp	scope:	eq	version:	6.11	Trust: 0.3
vendor:	bea	model:	systems weblogic server	scope:	eq	version:	6.1	Trust: 0.3
vendor:	bea	model:	systems weblogic server sp	scope:	eq	version:	5.19	Trust: 0.3
vendor:	bea	model:	systems weblogic server sp	scope:	eq	version:	5.18	Trust: 0.3
vendor:	bea	model:	systems weblogic server sp	scope:	eq	version:	5.17	Trust: 0.3
vendor:	bea	model:	systems weblogic server sp	scope:	eq	version:	5.16	Trust: 0.3
vendor:	bea	model:	systems weblogic server sp	scope:	eq	version:	5.15	Trust: 0.3
vendor:	bea	model:	systems weblogic server sp	scope:	eq	version:	5.14	Trust: 0.3
vendor:	bea	model:	systems weblogic server sp	scope:	eq	version:	5.13	Trust: 0.3
vendor:	bea	model:	systems weblogic server sp	scope:	eq	version:	5.12	Trust: 0.3
vendor:	bea	model:	systems weblogic server sp	scope:	eq	version:	5.113	Trust: 0.3
vendor:	bea	model:	systems weblogic server sp	scope:	eq	version:	5.112	Trust: 0.3
vendor:	bea	model:	systems weblogic server sp	scope:	eq	version:	5.111	Trust: 0.3
vendor:	bea	model:	systems weblogic server sp	scope:	eq	version:	5.110	Trust: 0.3
vendor:	bea	model:	systems weblogic server sp	scope:	eq	version:	5.11	Trust: 0.3
vendor:	bea	model:	systems weblogic server	scope:	eq	version:	5.1	Trust: 0.3
vendor:	bea	model:	systems weblogic express for win32 sp	scope:	eq	version:	7.0.0.12	Trust: 0.3
vendor:	bea	model:	systems weblogic express for win32 sp	scope:	eq	version:	7.0.0.11	Trust: 0.3
vendor:	bea	model:	systems weblogic express for win32	scope:	eq	version:	7.0.0.1	Trust: 0.3
vendor:	bea	model:	systems weblogic express for win32 sp	scope:	eq	version:	7.02	Trust: 0.3
vendor:	bea	model:	systems weblogic express for win32 sp	scope:	eq	version:	7.01	Trust: 0.3
vendor:	bea	model:	systems weblogic express for win32	scope:	eq	version:	7.0	Trust: 0.3
vendor:	bea	model:	systems weblogic express for win32 sp	scope:	eq	version:	6.14	Trust: 0.3
vendor:	bea	model:	systems weblogic express for win32 sp	scope:	eq	version:	6.13	Trust: 0.3
vendor:	bea	model:	systems weblogic express for win32 sp	scope:	eq	version:	6.12	Trust: 0.3
vendor:	bea	model:	systems weblogic express for win32 sp	scope:	eq	version:	6.11	Trust: 0.3
vendor:	bea	model:	systems weblogic express for win32	scope:	eq	version:	6.1	Trust: 0.3
vendor:	bea	model:	systems weblogic express for win32 sp	scope:	eq	version:	5.19	Trust: 0.3
vendor:	bea	model:	systems weblogic express for win32 sp	scope:	eq	version:	5.18	Trust: 0.3
vendor:	bea	model:	systems weblogic express for win32 sp	scope:	eq	version:	5.17	Trust: 0.3
vendor:	bea	model:	systems weblogic express for win32 sp	scope:	eq	version:	5.16	Trust: 0.3
vendor:	bea	model:	systems weblogic express for win32 sp	scope:	eq	version:	5.15	Trust: 0.3
vendor:	bea	model:	systems weblogic express for win32 sp	scope:	eq	version:	5.14	Trust: 0.3
vendor:	bea	model:	systems weblogic express for win32 sp	scope:	eq	version:	5.13	Trust: 0.3
vendor:	bea	model:	systems weblogic express for win32 sp	scope:	eq	version:	5.12	Trust: 0.3
vendor:	bea	model:	systems weblogic express for win32 sp	scope:	eq	version:	5.113	Trust: 0.3
vendor:	bea	model:	systems weblogic express for win32 sp	scope:	eq	version:	5.112	Trust: 0.3
vendor:	bea	model:	systems weblogic express for win32 sp	scope:	eq	version:	5.111	Trust: 0.3
vendor:	bea	model:	systems weblogic express for win32 sp	scope:	eq	version:	5.110	Trust: 0.3
vendor:	bea	model:	systems weblogic express for win32 sp	scope:	eq	version:	5.11	Trust: 0.3
vendor:	bea	model:	systems weblogic express for win32	scope:	eq	version:	5.1	Trust: 0.3
vendor:	bea	model:	systems weblogic express sp	scope:	eq	version:	7.0.0.12	Trust: 0.3
vendor:	bea	model:	systems weblogic express sp	scope:	eq	version:	7.0.0.11	Trust: 0.3
vendor:	bea	model:	systems weblogic express	scope:	eq	version:	7.0.0.1	Trust: 0.3
vendor:	bea	model:	systems weblogic express sp	scope:	eq	version:	7.03	Trust: 0.3
vendor:	bea	model:	systems weblogic express sp	scope:	eq	version:	7.02	Trust: 0.3
vendor:	bea	model:	systems weblogic express sp	scope:	eq	version:	7.01	Trust: 0.3
vendor:	bea	model:	systems weblogic express	scope:	eq	version:	7.0	Trust: 0.3
vendor:	bea	model:	systems weblogic express sp	scope:	eq	version:	6.14	Trust: 0.3
vendor:	bea	model:	systems weblogic express sp	scope:	eq	version:	6.13	Trust: 0.3
vendor:	bea	model:	systems weblogic express sp	scope:	eq	version:	6.12	Trust: 0.3
vendor:	bea	model:	systems weblogic express sp	scope:	eq	version:	6.11	Trust: 0.3
vendor:	bea	model:	systems weblogic express	scope:	eq	version:	6.1	Trust: 0.3
vendor:	bea	model:	systems weblogic express sp	scope:	eq	version:	5.19	Trust: 0.3
vendor:	bea	model:	systems weblogic express sp	scope:	eq	version:	5.18	Trust: 0.3
vendor:	bea	model:	systems weblogic express sp	scope:	eq	version:	5.17	Trust: 0.3
vendor:	bea	model:	systems weblogic express sp	scope:	eq	version:	5.16	Trust: 0.3
vendor:	bea	model:	systems weblogic express sp	scope:	eq	version:	5.15	Trust: 0.3
vendor:	bea	model:	systems weblogic express sp	scope:	eq	version:	5.14	Trust: 0.3
vendor:	bea	model:	systems weblogic express sp	scope:	eq	version:	5.13	Trust: 0.3
vendor:	bea	model:	systems weblogic express sp	scope:	eq	version:	5.12	Trust: 0.3
vendor:	bea	model:	systems weblogic express sp	scope:	eq	version:	5.113	Trust: 0.3
vendor:	bea	model:	systems weblogic express sp	scope:	eq	version:	5.112	Trust: 0.3
vendor:	bea	model:	systems weblogic express sp	scope:	eq	version:	5.111	Trust: 0.3
vendor:	bea	model:	systems weblogic express sp	scope:	eq	version:	5.110	Trust: 0.3
vendor:	bea	model:	systems weblogic express sp	scope:	eq	version:	5.11	Trust: 0.3
vendor:	bea	model:	systems weblogic express	scope:	eq	version:	5.1	Trust: 0.3
vendor:	bea	model:	systems weblogic enterprise sp	scope:	eq	version:	5.110	Trust: 0.3
vendor:	bea	model:	systems weblogic enterprise	scope:	eq	version:	5.1	Trust: 0.3
vendor:	bea	model:	systems weblogic enterprise	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	bea	model:	systems tuxedo	scope:	eq	version:	8.1	Trust: 0.3
vendor:	bea	model:	systems tuxedo	scope:	eq	version:	8.0	Trust: 0.3
vendor:	baltimore	model:	mailsecure	scope:	-	version:	-	Trust: 0.3
vendor:	adam	model:	megacz tinyssl	scope:	eq	version:	1.0.2	Trust: 0.3
vendor:	kde	model:	konqueror	scope:	ne	version:	3.0.3	Trust: 0.3
vendor:	kde	model:	kde	scope:	ne	version:	3.0.3	Trust: 0.3
vendor:	bea	model:	systems weblogic server for win32 sp	scope:	ne	version:	7.0.0.12	Trust: 0.3
vendor:	bea	model:	systems weblogic server for win32 sp	scope:	ne	version:	7.02	Trust: 0.3
vendor:	bea	model:	systems weblogic server for win32 sp	scope:	ne	version:	6.15	Trust: 0.3
vendor:	bea	model:	systems weblogic server sp	scope:	ne	version:	7.0.0.12	Trust: 0.3
vendor:	bea	model:	systems weblogic server sp	scope:	ne	version:	7.02	Trust: 0.3
vendor:	bea	model:	systems weblogic server sp	scope:	ne	version:	6.15	Trust: 0.3
vendor:	bea	model:	systems weblogic express for win32 sp	scope:	ne	version:	7.0.0.12	Trust: 0.3
vendor:	bea	model:	systems weblogic express for win32 sp	scope:	ne	version:	7.02	Trust: 0.3
vendor:	bea	model:	systems weblogic express for win32 sp	scope:	ne	version:	6.15	Trust: 0.3
vendor:	bea	model:	systems weblogic express sp	scope:	ne	version:	7.0.0.12	Trust: 0.3
vendor:	bea	model:	systems weblogic express sp	scope:	ne	version:	7.02	Trust: 0.3
vendor:	bea	model:	systems weblogic express sp	scope:	ne	version:	6.15	Trust: 0.3
vendor:	adam	model:	megacz tinyssl	scope:	ne	version:	1.0.3	Trust: 0.3

sources: BID: 5410 // CNNVD: CNNVD-200304-084 // NVD: CVE-2002-1407

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-1407
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200304-084
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2002-1407
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

sources: CNNVD: CNNVD-200304-084 // NVD: CVE-2002-1407

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1407

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200304-084

TYPE

Design Error

Trust: 0.9

sources: BID: 5410 // CNNVD: CNNVD-200304-084

EXTERNAL IDS

db:	NVD	id:	CVE-2002-1407	Trust: 1.9
db:	BID	id:	5410	Trust: 1.9
db:	XF	id:	9776	Trust: 0.6
db:	BUGTRAQ	id:	20020810 TINYSSL VENDOR STATEMENT: BASIC CONSTRAINTS VULNERABILITY	Trust: 0.6
db:	BUGTRAQ	id:	20020805 IE SSL VULNERABILITY	Trust: 0.6
db:	CNNVD	id:	CNNVD-200304-084	Trust: 0.6

sources: BID: 5410 // CNNVD: CNNVD-200304-084 // NVD: CVE-2002-1407

REFERENCES

url:	http://archives.neohapsis.com/archives/bugtraq/2002-08/0096.html	Trust: 2.2
url:	http://www.securityfocus.com/bid/5410	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=102866120821995&w=2	Trust: 1.0
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/9776	Trust: 1.0
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=102866120821995&w=2	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/9776	Trust: 0.6
url:	http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/iarwsv.asp	Trust: 0.3
url:	http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-050.asp	Trust: 0.3
url:	http://www.computerworld.com/securitytopics/security/holes/story/0,10801,73507,00.html	Trust: 0.3
url:	http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/bea03-31.jsp	Trust: 0.3
url:	http://www.info.apple.com/usen/security/security_updates.html	Trust: 0.3
url:	/archive/1/307885	Trust: 0.3

sources: BID: 5410 // CNNVD: CNNVD-200304-084 // NVD: CVE-2002-1407

CREDITS

Mike Benham※ moxie@thoughtcrime.org

Trust: 0.6

sources: CNNVD: CNNVD-200304-084

SOURCES

db:	BID	id:	5410
db:	CNNVD	id:	CNNVD-200304-084
db:	NVD	id:	CVE-2002-1407

LAST UPDATE DATE

2024-08-14T13:40:35.294000+00:00

SOURCES UPDATE DATE

db:	BID	id:	5410	date:	2009-07-11T14:56:00
db:	CNNVD	id:	CNNVD-200304-084	date:	2005-08-08T00:00:00
db:	NVD	id:	CVE-2002-1407	date:	2017-10-10T01:30:12.627

SOURCES RELEASE DATE

db:	BID	id:	5410	date:	2002-08-06T00:00:00
db:	CNNVD	id:	CNNVD-200304-084	date:	2002-08-05T00:00:00
db:	NVD	id:	CVE-2002-1407	date:	2003-04-11T04:00:00